Authorities paralyze cybercrime operations, hitting threat actors where it hurts


Seven international authorities supported by Europol have significantly disrupted cybercriminal operations through their long-term operation “Endgame.”

This development is the latest phase of the operation, which previously took down servers, dismantled domains, and made multiple arrests in what Europol dubs the “largest-ever international action against botnets.”

This time, Europol, accompanied by other international authorities, has seized 300 servers worldwide, taken down 650 domains, and issued arrest warrants against 20 cybercriminals.


Authorities also managed to seize €3.5 million ($3.96 million) in cryptocurrency during the week the sting took place.

Additionally, the operation focused on neutralizing specific strains of initial access malware, the tools cybercriminals use to access systems undetected before launching their attack.

“By disabling these entry points, investigators have struck at the very start of the cyberattack chain, damaging the entire cybercrime-as-a-service ecosystem,” Europol said.

Malware strains like Bumblebee, Latrodectus, Qakbot, Danabot, Trickbot, and Warmcookie were neutralized during the sting.

These strains are offered to cybercriminals as a service and “are used to pave the way for large-scale ransomware attacks,” says Europol.


Authorities intend to ask the public for help identifying several key suspects behind these malware operations. Authorities in Germany are set to publish 18 suspects on the EU’s Most Wanted List on May 23rd, 2025.


In other news, the US Justice Department announced the indictment of a Russian cybercriminal who is said to be the mastermind behind one of the malware strains.

US authorities say 48-year-old Rustam Rafailevich Gallyamov, a Moscow resident, is responsible not only for developing the Qakbot malware but also for leading a group of cybercriminals who deployed it against hundreds of thousands of victims.

Qakbot, originally a banking trojan, has been used by cybercriminals and ransomware gangs since roughly 2008.

It’s also one of the most common tools for attackers to drop payloads in the initial cyberattack stage.
