A multinational police coalition, led by the European Union’s justice and police agencies, has launched a major operation, dubbed “Operation Endgame,” against malware droppers. This initiative aims to combat large-scale malware deployments by targeting droppers and loaders. Over the course of the operation, which took place from May 27 to May 29, four individuals were arrested, more than 100 servers were seized, and control of over 2,000 domains was taken. The arrests occurred in Ukraine and Armenia, with servers being disrupted in various countries including Bulgaria, Canada, Germany, and the U.S.
Law enforcement agencies in France, Germany, and the Netherlands led the operation, with support from other countries such as Denmark, the U.K., and the U.S., as well as the European Union’s Eurojust agency. Malware droppers and loaders, including Bumblebee, IcedID, Smokeloader, and Trickbot, were targeted by Operation Endgame.
Europol reported that many victims were unaware of the malware infecting their systems, leading to financial losses amounting to hundreds of millions of euros. One suspect allegedly made €69 million in cryptocurrency by renting out sites for deploying ransomware. Eight fugitives are currently being pursued in connection with the operation.
FBI Director Christopher Wray emphasized the ongoing fight against cybercrime and the importance of organizations taking steps to defend against malware. Companies are advised to educate employees on cybersecurity best practices, including being cautious of email attachments and suspicious websites. They are also advised to verify the legitimacy of file attachments in email threads to prevent malware infections.