{"id":163876,"date":"2024-05-30T08:52:12","date_gmt":"2024-05-30T08:52:12","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=163876"},"modified":"2024-05-30T08:52:14","modified_gmt":"2024-05-30T08:52:14","slug":"operation-endgame","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/163876\/cyber-crime\/operation-endgame.html","title":{"rendered":"Operation Endgame, the largest law enforcement operation ever against botnets"},"content":{"rendered":"

An international law enforcement operation called Operation Endgame targeted multiple botnets and their operators.

Between 27 and 29 May 2024, an international law enforcement operation coordinated by Europol, codenamed Operation Endgame, targeted malware droppers like IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot.

The joint actions were carried out by authorities in the Netherlands, Germany, France, Denmark, the United States, and the United Kingdom, with support from Europol and Eurojust. In addition, with the cooperation of the aforementioned authorities, there have also been police actions in Ukraine, Switzerland, Armenia, Portugal, Romania, Canada, Lithuania and Bulgaria for the arrest or interrogation of suspects, searches, or the seizure and takedown of servers.

It is the largest operation ever against botnets, which play a crucial role in deploying ransomware.

These malicious programs are essential in the attack chain: they act as loaders for additional payloads, and some of them are also used to perform post-exploitation activities, including privilege escalation, reconnaissance, and credential theft.

The operation aimed to disrupt criminal services by arresting key individuals, dismantling infrastructures, and freezing illegal proceeds. Europol states that this operation had a global impact on the dropper ecosystem, which facilitated ransomware and other malicious attacks. Following the operation, eight fugitives linked to these activities will be added to Europe’s Most Wanted list on 30 May 2024. This large-scale operation, led by France, Germany, and the Netherlands, and supported by Eurojust, involved multiple countries and private partners.

The coordinated actions led to: