- EUROPOL’s Operation Endgame froze $47 million in cryptocurrency and dismantled the infrastructure of SocGholish, Amadey and StealC malware.
- 326 servers, 142 domains and 14,971 infected websites were taken down, disrupting distribution networks and recovering 27 million credentials.
- No arrests were made; experts warn that such disruptions often only temporarily halt criminal operations before infrastructure is rebuilt
Millions of dollars in cryptocurrencies were frozen and hundreds of servers destroyed in a massive operation led by EUROPOL and several national law enforcement agencies against cybercriminals.
Over the past few weeks, EUROPOL has carried out Operation Endgame, working together with law enforcement agencies from Canada, Denmark, Germany, the Netherlands, the United Kingdom and the United States. Several private companies, including Microsoft, also participated.
The objective was the dismantling of the digital infrastructure used by three separate hacking operations: SocGholish, Amadey and StealC. These are known variants of malware, which grant attackers backdoor access and steal valuable secrets from compromised devices.
Shutting down servers and cleaning websites
SocGholish, for example, is a sophisticated JavaScript downloader and loader, linked to a Russian Malware-as-a-Service (MaaS) operation called Evil Corp.
During the operation, police managed to identify and freeze $47 million in cryptocurrencies. He cannot access or recover these funds, but by freezing them he has effectively removed them from circulation. Around 27 million login credentials were also recovered as part of this operation.
Additionally, law enforcement shut down 326 servers and 142 domains used to host and distribute the malware. According to EUROPOL, this “severely crippled” the malware’s distribution network: “By removing these tools simultaneously, collaboration between law enforcement and private parties increased friction for cybercriminals, making it more difficult for attacks to succeed, spread, or resume.” »
EUROPOL also said that by removing SocGholish, 14,971 infected websites had been “fixed”. These are legitimate sites, belonging to different businesses such as restaurants, auto repair shops and others, but which have been compromised and used as launching pads for the distribution of malware.
Unfortunately, no arrests have been made and EUROPOL has not clarified whether the main players in these groups have even been identified. Usually, disruptions like this only temporarily stop malicious activity, which resumes a few weeks after the infrastructure is rebuilt.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
