Investigators from several countries strike the biggest blow against cybercrime to date with Operation Endgame. An overview of what the authorities have achieved.
Endgame: Over 100 servers confiscated
In an unprecedented international collaboration, law enforcement agencies from the Netherlands, Germany, France, Denmark, the UK, Austria and the USA have achieved a major success in the fight against cybercrime. On May 28 and 29, 2024, several of the most influential malware families currently in use were taken offline.
As part of the international Operation Endgame, over 100 servers were confiscated and more than 1,300 criminally used domains were rendered harmless. A significant breakthrough was also achieved in the financial prosecution of the perpetrators: An asset freeze of 69 million euros was obtained against an identified operator and administrator. In addition, 99 crypto wallets with a total volume of over 70 million euros were blocked. The measures led to the issuing of 10 international arrest warrants and four provisional arrests. Extensive evidence was seized during house searches in Armenia, the Netherlands, Portugal and Ukraine, which is now being analyzed and may lead to further investigations.
The successful conclusion of the operation is the result of lengthy and intensive investigations in the countries concerned. In Germany, investigations are being conducted on suspicion of gang and commercial extortion and membership of a criminal organization abroad.
Dangerous dropper services destroyed
Operation Endgame aimed to permanently destroy the technical and financial infrastructure of the perpetrator groups. The focus was particularly on the malware families IcedID, SystemBC, Bumblebee, Smokeloader, Pikabot and Trickbot. These malware programs, known as "droppers", are used as initial infection tools to download further malware. All of this is done with the aim of tapping into personal data such as usernames and passwords or, in the case of ransomware, encrypting infected systems or affected networks in order to blackmail the victims.
Of particular importance was the fight against Smokeloader, a piece of malware that has been active for over ten years and has infected thousands of systems worldwide. By seizing the technical infrastructure of Smokeloader and five other dropper services, the perpetrators were denied access to the victim systems. The Federal Office for Information Security (BSI) now has the task of informing the affected victims about their infection.
In the course of the operation, arrest warrants were issued in Germany for eight perpetrators. Seven of them are suspected of being members of the Trickbot group, while the eighth is considered to be one of the masterminds behind Smokeloader.
"With the international operation 'Endgame', our investigative authorities have succeeded in striking the biggest and most significant blow against cybercrime to date," explained Federal Minister of the Interior Nancy Faeser. "This major success in the fight against cybercrime shows that even on the Internet, criminals cannot feel safe."