Law Enforcement Agencies Make Largest Botnet Takedown to Date

In another massive sweep targeting cybercrime, Law enforcement agencies from around the globe teamed up to take down a number of malware droppers, in what has been called the largest botnet takedown to date. The operation, dubbed "Operation Endgame", took place over the course of three days between May 27 and 29, 2024, and involved authorities from the Netherlands, Germany, France, Denmark, the United States, and the United Kingdom.

The operation targeted well-known bots including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. These bots are particularly harmful as they act as loaders for additional payloads and are used to deploy ransomware and other malicious activities. The operation aimed to disrupt criminal services by arresting key individuals, dismantling the infrastructures, and freezing any illegal proceeds.

According to Europol, the operation had a global impact on the dropper ecosystem, and eight fugitives linked to these activities will be added to Europe's Most Wanted list on May 30, 2024. This large-scale operation was led by France, Germany, and the Netherlands and involved multiple countries and private partners.

During the raids, 4 arrests were made (1 in Armenia and 3 in Ukraine), 16 location searches (1 in Armenia, 1 in the Netherlands, 3 in Portugal, and 11 in Ukraine), and over 100 servers taken down or disrupted in Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, the United Kingdom, the United States, and Ukraine.

Additionally, over 2,000 domains under the control of law enforcement were taken down, and a main suspect has earned at least EUR 69 million in cryptocurrency by renting out criminal infrastructure sites to deploy ransomware. While the criminal activity behind the targeted botnets is still continuing, this is a significant step in combating cybercrime on a global scale and sending a message to perpetrators that they will be pursued and brought to justice.

Read more