Authorities from around the world have joined forces in a massive operation against cyber crime that resulted in the seizure of multiple domains and servers, as well as one arrest.
Europol and law enforcement authorities from around the world, including Australia, have taken part in the latest phase of the ongoing Operation Endgame campaign targeting cyber criminals and their infrastructure.
Coordinated with the assistance of Eurojust, authorities from Belgium, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, the United Kingdom, and the United States worked on the latest phase of the operation, with the assistance of more than 30 private and public parties from around the world, including CrowdStrike, Lumen, Abuse.ch, and HaveIBeenPwned.
The police action targeted the Rhadamanthys info stealer, the VenomRAT remote access trojan, and the Elysium botnet, all major enablers of cyber crime and ransomware.
Operation Endgame 3.0 led to the arrest of one individual in Greece (who police allege was responsible for operating the VenomRAT Trojan), the search of 11 locations in Germany, Greece, and the Netherlands, the takedown or disruption of more than 1,025 servers, and the seizure of 20 domains.
“The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials. Many of the victims were not aware of the infection of their systems,” Europol said in a statement.
“The main suspect behind the info stealer had access to over 100,000 crypto wallets belonging to these victims, potentially worth millions of euros.”
Adam Meyers, CrowdStrike’s head of counter adversary operations, told Cyber Daily the operation showed what was possible when the private sector worked closely with law enforcement on such operations.
“Operation Endgame 3.0 shows what’s possible when law enforcement and the private sector work together. Disrupting the front end of the ransomware kill chain – the initial-access brokers, loaders, and info stealers – instead of just the operators themselves, has a ripple effect through the e-crime ecosystem,” Meyers said.
“By targeting the infrastructure that fuels ransomware, this operation struck the ransomware economy at its source. But disruption isn’t eradication. Defenders should use this window to harden their environments, close visibility gaps, and hunt for the next wave of tools these adversaries will deploy. Continued intelligence sharing between governments and private-sector partners like CrowdStrike will be key to maintaining this momentum and driving a lasting impact.”
According to an update to HaveIBeenPwned, the operation uncovered 2 million compromised email addresses and 7.4 million passwords, all of which were provided to the website on 13 November.
The last phase of Operation Endgame took place in May 2025, when authorities took down around 300 servers, disrupted 650 domains, and issued arrest warrants for 20 cyber criminals.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.