Europol-Led Operation Endgame Takes Down StealC and Amadey Infostealers
Operation Endgame seized around 50 domains and nearly 200 active IP-based servers associated with the infostealers
Coverage of Operation Endgame tracks reported incidents, infrastructure, and tactics over time, including campaigns’ effects on systems and networks.
Search across headline titles and summaries.
Background for this topic.
Operation Endgame is the label used for reporting on a coordinated disruption of malware-loader infrastructure and related criminal services, including activity involving families such as IcedID, Bumblebee, Pikabot, and Smokeloader. Coverage can include seized or redirected servers and domains, arrests, malware analysis, and follow-on effects on infrastructure used to deliver malicious software. It describes a set of related incidents and actions, not a single malware product or a permanently active organization.
The security relevance is the loaders’ role as an initial-access layer: a compromised endpoint can be used to deploy infostealers, remote-access tools, or ransomware. Defenders should treat reported indicators—domains, IP addresses, hashes, and loader behaviors—as time-sensitive intelligence, validate them against local telemetry, and investigate endpoint execution chains rather than relying only on static blocking. Vulnerability management for exposed services and rapid isolation of systems showing loader activity can limit downstream compromise, while incident responders should account for possible credential theft and persistence when reviewing affected hosts.
Weekly headline count for the current query.
Operation Endgame seized around 50 domains and nearly 200 active IP-based servers associated with the infostealers
SocGholish malware has been removed from 15,000 sites associated with Evil Corp hackers
A global law enforcement operation has taken down the Rhadamanthys infostealer, VenomRAT trojan and the Elysium botnet
Police have made more arrests in the ongoing Operation Endgame, cracking down on malware customers
The operation targeted several significant malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee