[German]Law enforcement officers seized 300 servers and 650 domains used for ransomware attacks this week in Operation Endgame. As a result, cybercriminal networks were dismantled, funds confiscated and some suspects arrested. Further actions against cybercriminals were carried out with the Raptor and DANABOT campaigns. Here is an overview.
Advertising
Operation Endgame – new actions
In April 2025, I already reported on some actions against botnets in the German article Europol-Operation Operation Endgame: Botnetz abgeschaltet, Verdächtige verhaftet. And in May 2024, there was also an operation (see Operation Endgame: 911 S5 Botnet zerschlagen; Administrator in internationaler Operation verhaftet). Now the next operation has been carried out.
According to this site, the global operational capability of cyber criminals has been significantly disrupted. In an operation coordinated by Europol and Eurojust, law enforcement and judicial authorities dismantled the central infrastructure used for ransomware attacks by various groups.
From May 19 to 22, the authorities shut down around 300 servers worldwide in Operation Endgame, neutralized 650 domains and issued international arrest warrants for 20 targets, dealing a direct blow to the ransomware kill chain.
In addition, €3.5 million in cryptocurrency was seized during the week of action, bringing the total amount seized in Operation Endgame to €21.2 million.
Action against DANABOT
This latest phase of Operation ENDGAME follows on from the largest international action against botnets to date in May 2024. It was directed against new malware variants and successor groups that had re-emerged after last year's takedown.
Advertising
Bleeping Computer has made another classification here. It also mentions that the US Department of Justice has taken legal action against 16 defendants in a Russian cyber gang using the DANABOT malware.
ZScaler offers a DANABOT detector on GitHub, and has published a detailed DANABOT analysis in this blog post.
Operation Raptor
There was also Operation Raptor, in which law enforcement conducted global raids. Law enforcement agencies arrested 270 people worldwide as part of this Operation RapTor. It is a large and comprehensive operation against illegal activities on dark web marketplaces.
The operation, which targeted both sellers and buyers involved in the trade of illegal goods, spanned several countries. Most of the arrests were made in the following regions:
- United States – 130
- Germany – 42
- United Kingdom – 37
- France – 29
- South Korea – 19
A further 13 arrests were made in the Netherlands, Austria, Brazil, Spain and Switzerland. The coordinated action is intended to underline the growing international commitment to dismantling dark web networks. The authorities are signaling that anonymity on the Internet is no protection from the law.
Advertising
