A coordinated law enforcement operation led by Europol has disrupted several prominent malware-dropping botnets that were active at the time, including Bumblebee, IcedID, Pikabot, Smokeloader, SystemBC, and Trickbot. The operation, known as Operation Endgame, involved the UK’s National Crime Agency (NCA), the US FBI, and agencies from several other countries, with support from private-sector cyber security specialists.
During the operation, four arrests were made, properties were searched, servers were taken down, and domains were seized. It was revealed that one suspect had made millions in cryptocurrency by renting out criminal infrastructure to ransomware gangs. Europol emphasized that this is only the beginning of Season 1 of Operation Endgame and that further actions will be announced on its website.
Malware droppers serve as a staging post in cyber attacks: they gain the initial foothold and then deliver other malware, particularly ransomware lockers. The security community has welcomed the successful operation but emphasized the need for continued vigilance, since disrupted infrastructure can be rebuilt and already-compromised machines can be reinfected. In a separate operation led by the US Justice Department, a dual Chinese and St Kitts and Nevis national was arrested for operating a botnet used in a range of criminal activities.
The suspect had allegedly made millions of dollars by selling cyber criminals access to millions of infected computers. Criminals using this botnet carried out a range of illegal activities, including fraud that stole billions of dollars, fraudulent unemployment claims, and the export of goods in violation of export controls. The suspect allegedly used the proceeds to acquire a range of high-value assets.