A group of law enforcement agencies coordinated by Europol and Eurojust has attacked key online infrastructure ransomware groups use. Primary targets were malware variants and successor groups reemerging from previous takedowns.
The attack, carried out as part of the ongoing Operation Endgame, took down nearly 300 servers worldwide, 650 domains, seized €3.5 million in cryptocurrencies, and issued international arrest warrants against 20 targets between May 19 and 22. Europol announced the following malware strains neutralised:
- Bumblebee
- Lactrodectus
- Qakbot
- Hijackloader
- DanaBot
- Trickbot
- Warmcookie
These malware variants were used as a service by hackers to gain initial access for larger ransomware attacks. They’re often used as a first step in most attack chains, meaning disabling them effectively renders the entire attack obsolete.
Another global law enforcement operation coordinated by Europol announced a day before the latest attack claims it arrested 270 dark web vendors and buyers across 10 countries, including the US, Germany, the UK, France, South Korea, Australia, the Netherlands, Brazil, Switzerland, and Spain. In addition to the arrests, Operation RapTor also made major seizures as follows:
- More than €184 million in cash and crypto
- Over 2 tons of drugs
- More than 180 firearms
- 12,500 fake products
- Over 4 tonnes of illegal tobacco.
Data collected from a previous operation that targeted dark web marketplaces Nemesis, Tor2Door, Bohemia, and Kingdom Markets was used to identify suspects. A similar operation dubbed Operation SpecTor in 2023, had led to 288 arrests.
Such significant blows in rapid succession are bound to slow down cybercriminals for some time, if not entirely eradicate them. However, given LockBit’s revival following its takedown by the FBI in Operation Cronos, it could only be a matter of time before new variants start popping up on the radar.
In the News: Thousands of routers globally are now hacker honeypots
