Operation Endgame 2: 15 million email addresses and 43 million passwords

On the weekend, “Operation Endgame 2.0” was announced, a campaign by international criminal investigators against malware creators and distributors. Law enforcement agencies seized domains and arrested suspects – and gained access to millions of victims' email addresses and passwords.

The authorities have now provided this data to the Have-I-Been-Pwned Project (HIBP). Its operator Troy Hunt has added a total of 15.3 million email addresses and 43.8 million passwords of victims to HIBP's data pool, as he writes in a data leak entry.

Testing options

The Have-I-Been-Pwned project offers a search for your email address and returns whether and, if so, in which data leaks the email address appeared. Those affected should change the access data for affected accounts as soon as possible. HIBP can also be used to check whether passwords have appeared in the data leaks.

As cyber criminals test such passwords together with any email addresses and access data, it is essential to change the password for the service used if it is found.

During “Operation Endgame 2.0”, German security authorities also dealt a severe blow to the criminal masterminds. The BKA and the public prosecutor's office in Frankfurt am Main have taken 50 servers offline in Germany alone and shut down 650 domains that are no longer under the control of the cyber criminals. Members of the criminal gangs behind Trickbot and Qakbot, all Russian nationals, are still being sought.

In addition, the criminal investigators were able to relieve the perpetrators' crypto exchanges of Bitcoin worth the equivalent of 3.5 million euros. They could also seize control of a total of 300 servers from the criminals. Investigations into the operation are focusing on the people behind the droppers Bumblebee, DanaBot, HijackLoader, Latrodectus, Qakbot, Trickbot and Warmcookie. These droppers download further malware such as ransomware.

(dmk)