Operation Endgame: Major blow against global cybercrime

Law enforcement officers from seven countries have succeeded in taking action against various botnets and taking them offline.

Emblem of "Operation Endgame" (Image: BKA)


Investigators from the BKA and several other countries have confiscated more than 100 servers worldwide and put 1300 domains out of operation. This was announced by the public prosecutor's office in Frankfurt am Main and the Federal Criminal Police Office (BKA) on Thursday morning. The "Operation Endgame" was mainly directed against the groups behind the botnets of the six malware families IcedID, SystemBC, Bumblebee, Smokeloader, Pikabot and Trickbot. This malware, known as a dropper, is associated with at least 15 ransomware groups, explains the BKA.

Loosely speaking, a dropper is a package that contains a virus and releases it onto a system for the first time. Much as a biological virus cannot function on its own and always needs a host, here in the form of an application, the dropper is the carrier program that a virus needs in order to act initially. Cyber criminals use droppers as a door opener to infect victim systems unnoticed and then load further malware. This allows personal data such as usernames and passwords to be skimmed, or infected systems to be encrypted with ransomware for the purpose of extortion.

The BKA considers Smokeloader, which has been around for over ten years and has been continuously developed, to be the most dangerous dropper from a German perspective. During Operation Endgame, the technical infrastructure of Smokeloader and five other dropper services was confiscated and their control taken over by the law enforcement authorities. "This deprived the perpetrators of access to thousands of victim systems," writes the BKA. The Smokeloader botnet alone comprised several hundred thousand systems last year.


During the operation on Tuesday and Wednesday, 16 properties in Armenia, the Netherlands, Portugal, and Ukraine were searched as the final stage of a lengthy investigation, and a large amount of evidence was seized. The data seized is currently being analyzed and could lead to further investigations.

Ten international arrest warrants were issued, and four people were provisionally arrested. The BKA writes that Germany has issued arrest warrants for a total of eight people. Seven people are being sought who are "strongly suspected of having participated as members of a criminal organization for the purpose of spreading the Trickbot malware", the investigators said.

"An asset freeze of 69 million euros was obtained against an identified operator and administrator", the press release states. In addition, 99 crypto wallets with a current total volume of more than 70 million euros were blocked on numerous crypto exchanges.

Law enforcement officers from the Netherlands, France, Denmark, Great Britain, Austria, and the USA were involved in the operation under the leadership of the BKA. They were supported by the police authority Europol and the European Union Agency for Judicial Cooperation in Criminal Matters.


"With the largest international cyber police operation to date, the law enforcement authorities have succeeded in striking a significant blow against the cybercrime scene," said BKA Vice President Martina Link according to the press release. "The current success is based on measures against infrastructures, actors and their financial resources."

(anw)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.