Police hit over 100 servers distributing IcedID, Smokeloader, Bumblebee, and other malware

 

An international law enforcement operation aimed at dismantling criminal infrastructure has targeted major droppers including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot.

Dubbed “Operation Endgame,” the police effort involved law enforcement from multiple countries, including France, Germany, the Netherlands, Denmark, the United Kingdom, and the United States. Additional support came from Armenia, Bulgaria, Lithuania, Portugal, Romania, Switzerland, and Ukraine.

From 27 to 29 May 2024, law enforcement agencies carried out a series of actions, leading to the takedown of over 100 servers globally and the arrest of four individuals, including one in Armenia and three in Ukraine.

The authorities conducted 16 searches in Armenia, the Netherlands, Portugal, and Ukraine, and took control of over 2,000 domains used by cyber criminal networks.

The investigations revealed that one of the main suspects has earned at least 69 million euros in cryptocurrency by renting out criminal infrastructure sites to deploy ransomware, Europol said.

In addition, Germany has issued arrest warrants against eight suspects - seven alleged members of the notorious Trickbot gang, and one individual believed to be a ringleader behind the SmokeLoader malware.

Earlier this week, the US authorities announced they dismantled the 911 S5 botnet used to commit cyber attacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations, and arrested its alleged administrator Yunhe Wan, a People’s Republic of China national and St. Kitts and Nevis citizen-by-investment.

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on Yunhe Wan along with two other suspected 911 S5 operators, Jingping Liu and Yanni Zheng.
