"Operation Endgame" deals a powerful blow to IcedID, Pikabot, Smokeloader and other digital threats.
From May 27 to May 29, 2024, an international law enforcement operation codenamed "Operation Endgame" captured more than 100 servers used for major malware campaigns using programs such as IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC.
The police conducted 16 searches in different European countries, which led to the arrest of four people: one in Armenia and three in Ukraine. In addition, law enforcement officers were able to identify eight fugitives associated with these operations. They will soon be added to Europol's "Most Wanted Criminals" list.
The main tool of cybercriminals was the so-called "droppers" - specialized programs that provide initial access to devices. These programs, originally designed as banking Trojans, have evolved and are now being used to deliver more dangerous components, such as information theft programs and ransomware.
Cybercriminals sent malicious emails or hid malware in installers distributed through ad networks and torrent trackers. They used evasive tactics such as code obfuscation and imitation of legitimate processes to avoid detection.
The infrastructure seized by the police included more than 2,000 domains used for illegal cyber operations, and is now under the control of the authorities. Police forces from Germany, the United States, the United Kingdom, France, Denmark and the Netherlands participated in Operation Endgame.
Support was provided by experts from Bitdefender, Cryptolaemus, Sekoia, Shadowserver, Team Cymru, Prodaft, Proofpoint, NFIR, Computest, Northwave, Fox-IT, HaveIBeenPwned, Spamhaus and DIVD.
"During the investigations, it was established that one of the main suspects earned at least 69 million euros in cryptocurrency by renting out criminal infrastructure sites for the deployment of ransomware," Europol said in a statement.
Additional information about the suspects and the operation itself will be published on a special Europol portal today at 17: 00 Moscow time.
From May 27 to May 29, 2024, an international law enforcement operation codenamed "Operation Endgame" captured more than 100 servers used for major malware campaigns using programs such as IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC.
The police conducted 16 searches in different European countries, which led to the arrest of four people: one in Armenia and three in Ukraine. In addition, law enforcement officers were able to identify eight fugitives associated with these operations. They will soon be added to Europol's "Most Wanted Criminals" list.
The main tool of cybercriminals was the so-called "droppers" - specialized programs that provide initial access to devices. These programs, originally designed as banking Trojans, have evolved and are now being used to deliver more dangerous components, such as information theft programs and ransomware.
Cybercriminals sent malicious emails or hid malware in installers distributed through ad networks and torrent trackers. They used evasive tactics such as code obfuscation and imitation of legitimate processes to avoid detection.
The infrastructure seized by the police included more than 2,000 domains used for illegal cyber operations, and is now under the control of the authorities. Police forces from Germany, the United States, the United Kingdom, France, Denmark and the Netherlands participated in Operation Endgame.
Support was provided by experts from Bitdefender, Cryptolaemus, Sekoia, Shadowserver, Team Cymru, Prodaft, Proofpoint, NFIR, Computest, Northwave, Fox-IT, HaveIBeenPwned, Spamhaus and DIVD.
"During the investigations, it was established that one of the main suspects earned at least 69 million euros in cryptocurrency by renting out criminal infrastructure sites for the deployment of ransomware," Europol said in a statement.
Additional information about the suspects and the operation itself will be published on a special Europol portal today at 17: 00 Moscow time.
