Operation Endgame, an international law enforcement operation, confiscated over NUM0 servers globally. Various large malware loader operations, such as IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC, used these servers.

Between May 27 and NUM, the action took place. This event included 16 location searches in Europe. Four individuals were arrested—one in Armenia and three in Ukraine.

The police have identified eight individuals involved in malware activities. Later today, they will add these individuals to Europol’s ‘Most Wanted’list.

The authorities now have control over infrastructure spanning Europe and North America, which hosts over NUM0 domains. Previously, these domains facilitated unlawful services.

Police from Germany, the United States, the United Kingdom, France, Denmark, and the Netherlands took part in Operation Endgame.

Experts from Bitdefender provided intelligence for the operation. Experts from Cryptolaemus, Sekoia, Shadowserver, Team Cymru, Prodaft, Proofpoint, NFIR, Computest, Northwave, Fox-IT, HaveIBeenPwned, and DIVD also contributed intelligence.

Seizure banner on one of the seized domains (Europol)

Millions of computers infected

One of the main suspects gained at least EUR 69 million in bitcoin by renting out criminal infrastructure sites to install ransomware, according to a statement made public by Europol.

Many of these droppers began as banking trojans and developed to focus on early access while also simplifying their functioning and removing dangerous features to reduce detection.

They impersonate legitimate processes and heavily obfuscate their code, frequently storing these strategies in memory.

Europol reported that one of the major suspects in one of the targeted malware operations earned more than 69 million euros ($74.5 million) by renting out their equipment for ransomware deployment.

One of the main suspects gained at least EUR 69 million in bitcoin by renting out criminal infrastructure  sites to install ransomware, according to a statement made public by Europol.

More information about the suspects and the law enforcement operation is scheduled to be published on this dedicated portal later today.

Found this article interesting? Follow us on LinkedIn and Instagram to read more exclusive content we post.

Leave a Reply

Your email address will not be published. Required fields are marked *