Operation Endgame 3: 1025 Servers Taken Offline

International law enforcement has once again struck a blow against malware and its underlying infrastructure.


Law enforcement has created an AI film for Operation Endgame 3.

(Image: Operation Endgame)


International law enforcement from various countries has once again struck a blow against malware, botnets, and servers belonging to the infrastructure of cybercriminal organizations. They have taken down and temporarily disabled VenomRAT, Elysium, and 1025 servers.

On the website for the "Operation Endgame" cybercrime action, an AI video greets visitors, making fun of the cybercriminals behind the Rhadamanthys infostealer. The website itself is quite aggressively designed. "Season 3 of Operation Endgame has begun," the law enforcement agencies state rather boldly.

The operation took place between November 10 and 13, 2025, and was coordinated from Europol headquarters in The Hague. The investigators targeted not only the Rhadamanthys infostealer but also the VenomRAT remote access trojan and the Elysium botnet. Officials explain that all three play a key role in international cybercrime and that the authorities have now shut down these three major cybercrime enablers.

The main suspect behind the VenomRAT remote access malware was arrested in Greece on November 3. The disabled infrastructure was responsible for hundreds of thousands of malware infections worldwide, law enforcement officials further explain. Behind the crippled infrastructure were hundreds of thousands of infected computers, which in turn contained millions of stolen credentials. Many victims were unaware that their computers were infected. The main suspect behind the Rhadamanthys infostealer had access to over 100,000 crypto wallets belonging to these victims, potentially worth millions of euros. On the website of the Dutch police and at Have-I-Been-Pwned, interested parties can check whether their email address was part of the criminals' haul.

Alon Gal, CEO of the Israeli threat intelligence specialist Hudson Rock, is knowledgeable about the infostealer scene. He notes in an interview with heise security that the criminals' nervousness is limited: "These people have a high tolerance for risk and are not discouraged by publicity-generating actions from law enforcement."


The second Operation Endgame action took place at the end of May this year. During that operation, international law enforcement issued 20 arrest warrants and took 50 servers offline in Germany alone, and seized 650 domains from the control of cybercriminals. During their analysis, investigators found 15 million email addresses and 43 million passwords from victims, which the Have-I-Been-Pwned project has incorporated into its database.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.