In a sweeping international effort, Europol announced the successful shutdown of over 100 servers associated with major malware loader operations including IcedID, TrickBot, and several others. The coordinated action, known as Operation Endgame, took place from May 27 to May 29, involving law enforcement agencies across multiple countries and resulting in the arrest of four suspects and the confiscation of over 2,000 domains.
The targeted malware families, known for facilitating ransomware and other malicious software across the globe, were part of extensive criminal infrastructures. This takedown represents the largest-ever operation against botnets, significantly disrupting a cybercriminal ecosystem responsible for numerous high-profile cyberattacks, including the massive SolarWinds cyberattack in 2020.
Why it matters: Operation Endgame marks a significant milestone in the fight against cybercrime, showcasing the power of international cooperation in dismantling sophisticated criminal networks. The disruption of these botnets will likely lead to a temporary reduction in ransomware attacks, providing a respite for potential victims and highlighting the importance of sustained law enforcement efforts.
- Operation Details: Europol’s Operation Endgame was a truly coordinated global effort, with actions taken by law enforcement across Armenia, Bulgaria, Canada, Germany, Lithuania, the Netherlands, Portugal, Romania, Switzerland, Ukraine, the United Kingdom, and the United States.
- Cybercrime Crackdown: Four individuals were arrested—one in Armenia and three in Ukraine. Authorities are also seeking the arrest of seven more individuals associated with TrickBot and SmokeLoader malware. One main suspect allegedly earned €69 million by renting out criminal infrastructure sites to deploy ransomware. Nearly 100 cryptocurrency wallets with over €70 million were blocked.
- Technological Tactics: The operation used “sinkholing” to take control of and disable the botnets: the infected machines’ command-and-control traffic was redirected to servers controlled by law enforcement, cutting the bots off from their operators. While significant strides have been made, Europol emphasized that Operation Endgame is not yet complete. Further actions are anticipated, and new suspects will be added to Europe’s Most Wanted list.
Over 100 Malware Servers Shut Down in ‘Largest Ever’ Operation Against Botnets – The Record
Operation Endgame, The Largest Law Enforcement Operation Ever Against Botnets – Security Affairs