Europol-Led Operation Endgame Takes Down StealC and Amadey Infostealers
Operation Endgame seized around 50 domains and nearly 200 active IP-based servers associated with the infostealers
Coverage of Operation Endgame tracks reported incidents, infrastructure, and tactics over time, including campaigns’ effects on systems and networks.
Search across headline titles and summaries.
Background for this topic.
Operation Endgame is the label used for reporting on a coordinated disruption of malware-loader infrastructure and related criminal services, including activity involving families such as IcedID, Bumblebee, Pikabot, and Smokeloader. Coverage can include seized or redirected servers and domains, arrests, malware analysis, and follow-on effects on infrastructure used to deliver malicious software. It describes a set of related incidents and actions, not a single malware product or a permanently active organization.
The security relevance is the loaders’ role as an initial-access layer: a compromised endpoint can be used to deploy infostealers, remote-access tools, or ransomware. Defenders should treat reported indicators—domains, IP addresses, hashes, and loader behaviors—as time-sensitive intelligence, validate them against local telemetry, and investigate endpoint execution chains rather than relying only on static blocking. Vulnerability management for exposed services and rapid isolation of systems showing loader activity can limit downstream compromise, while incident responders should account for possible credential theft and persistence when reviewing affected hosts.
Weekly headline count for the current query.
Operation Endgame seized around 50 domains and nearly 200 active IP-based servers associated with the infostealers
Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites
SocGholish malware has been removed from 15,000 sites associated with Evil Corp hackers
33-year-old was under surveillance for some time before returning home from the UAE Dutch police believe they have arrested a man behind the AVCheck online platform - a service used by cybercrims that Operation Endgame shuttered in May.…
Rhadamanthys, VenomRAT and Elysium Targeted in OperationA multinational law enforcement operation resulted in the arrest of a remote access Trojan operator and the seizure of over 1,000 info stealer and botnet servers. Authorities took down 1,025 servers associated with the Rhadamanthys infostealer, the Venom RAT and a botnet dubbed Elysium.
A global law enforcement operation has taken down the Rhadamanthys infostealer, VenomRAT trojan and the Elysium botnet
Operation Endgame also takes down Elysium and VenomRAT infrastructure International cops have pulled apart the Rhadamanthys infostealer operation, seizing 1,025 servers tied to the malware in coordinated raids between November 10-13.…
Malware families like Rhadamanthys Stealer, Venom RAT, and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust
Law enforcement authorities from 9 countries have taken down 1,025 servers used by the Rhadamanthys infolstealer, VenomRAT, and Elysium botnet malware operations in the latest phase of Operation Endgame, an international action targeting cybercrime. [...]
The DanaBot malware has returned with a new version observed in attacks, six-months after law enforcement's Operation Endgame disrupted its activity in May. [...]
Cybercrime response needs more aggressive actions from those seeking to protect victims and pursue criminals.
Police Take Down 300 Servers Worldwide, Neutralize 650 DomainsLaw enforcement in a European-led operation against malware often used as a precursor to ransomware took down 300 servers worldwide, police said Friday. The crackdown is the latest action under Operation Endgame targeting ransomware and botnet ecosystem.
Police Take Down 300 Servers Worldwide, Neutralize 650 DomainsLaw enforcement in a European-led operation against malware often used as a precursor to ransomware took down 300 servers worldwide, police said Friday. The crackdown is the latest action under Operation Endgame targeting ransomware and botnet ecosystem.
As part of the latest "season" of Operation Endgame, a coalition of law enforcement agencies have taken down about 300 servers worldwide, neutralized 650 domains, and issued arrest warrants against 20 targets
In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks. [...]
Officials teased more details to come later this year Following the 2024 takedown of several major malware operations under Operation Endgame, law enforcement has continued its crackdown into 2025, detaining five individuals linked to the Smokeloader botnet.…
Police have made more arrests in the ongoing Operation Endgame, cracking down on malware customers
In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader botnet's customers and detained at least five individuals. [...]
The Bumblebee malware loader has been spotted in new attacks recently, more than four months after Europol disrupted it during 'Operation Endgame' in May. [...]
International law enforcement Operation Endgame shifts its crackdown to focus on individual adversaries.