

Coordinated international operation dismantles 3 major malware networks

  • Marijan Hassan - Tech Journalist
  • 10 minutes ago
  • 2 min read

An international coalition of law enforcement agencies, coordinated by Europol and Eurojust, has dealt a significant strike against global cybercrime infrastructure in the latest phase of Operation Endgame. The sweep, which spanned 11 countries, successfully dismantled or disrupted the infrastructure of three major malware families that served as crucial "initial access" tools for ransomware groups and credential thieves worldwide.



The operation, which concluded last week, represents a major collaborative effort between the United States, Canada, the United Kingdom, and multiple European nations, demonstrating a commitment to targeting the malware-as-a-service (MaaS) economy.


The targets: Infostealers, RATs, and Botnets

The latest phase of Operation Endgame focused on three prominent tools instrumental in facilitating large-scale digital crime:


  • Rhadamanthys: A notorious infostealer responsible for exfiltrating millions of sensitive credentials, browser data, and cryptocurrency wallet information. Authorities noted the main suspect had access to over 100,000 crypto wallets belonging to victims.

  • VenomRAT: A powerful Remote Access Trojan (RAT) used to remotely control victim systems, log keystrokes, and harvest data. The suspected main operator of VenomRAT was arrested in Greece and faces extradition to France.

  • Elysium: A highly active botnet ecosystem used to aggregate compromised machines for data theft and subsequent malware distribution.


The coordinated efforts resulted in a staggering number of seizures and disruptions:


  • 1,025+ Servers taken down or disrupted worldwide

  • 20 Internet Domains seized, now displaying a law enforcement notice

  • 1 Arrest made in Greece, with 11 locations searched across Europe.


Europol stated that the infrastructure had infected hundreds of thousands of computers and stolen several million credentials, often without victims even knowing.


"This operation is a direct hit to the cybercrime supply chain," said a Europol spokesperson. "By dismantling the platforms that sell initial access and stolen credentials, we disrupt the entire ecosystem that fuels ransomware attacks and large-scale fraud."


The public-private partnership model

The success of Operation Endgame highlights the critical importance of cooperation between law enforcement and the private sector. More than 30 public and private partners, including major cybersecurity firms like Proofpoint, SpyCloud, CrowdStrike, and The Shadowserver Foundation, provided essential threat intelligence and technical expertise.


By combining judicial power with the industry's real-time visibility into criminal networks, authorities can execute simultaneous, cross-border takedowns that are far more impactful than isolated national efforts.


While authorities acknowledge that cybercriminals are quick to rebuild or migrate to new tools, a challenge often referred to as "whack-a-mole", this operation is a substantial victory that undermines criminal confidence and significantly hinders the flow of illicit revenue.
