Operation Endgame: Police reveal takedowns of three key cybercrime tools
Summary
An international law enforcement coalition coordinated from Europol in The Hague has disrupted infrastructure behind three major cybercrime tools: the Rhadamanthys infostealer, the VenomRAT remote access trojan and the Elysium botnet. The latest phase of Operation Endgame, beginning 10 November, involved raids and seizures across multiple countries and targeted systems that reportedly infected hundreds of thousands of victims worldwide.
Authorities arrested the main suspect linked to VenomRAT in Greece and executed 11 raids (one in Germany, one in Greece and nine in the Netherlands). They seized 20 domains and disrupted or took down over 1,025 servers. Europol says the dismantled infrastructure contained hundreds of thousands of infected machines and several million stolen credentials, including access to over 100,000 crypto wallets.
Key Points
- Operation Endgame disrupted three major threats: Rhadamanthys (infostealer), VenomRAT (RAT) and the Elysium botnet.
- The operation began on 10 November and was coordinated by Europol with partners from Australia, Belgium, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, the UK and the US.
- Authorities carried out 11 raids, arrested a main suspect in Greece, seized 20 domains and disrupted or removed over 1,025 servers globally.
- Europol reports the infrastructure held hundreds of thousands of compromised computers and several million stolen credentials; around 2 million email addresses and 7.4 million passwords are associated with the takedown.
- Investigators warn the infostealer operator had access to more than 100,000 crypto wallets potentially worth millions of euros.
- Victims are urged to check their exposure via the police portal and Have I Been Pwned: https://www.politie.nl/en/information/checkyourhack.html and https://haveibeenpwned.com/Breach/OperationEndgame3.
Context and Relevance
This phase follows earlier waves of Operation Endgame, which previously targeted botnet infrastructure and, more recently, actors in the ransomware ecosystem. The scale of seized credentials and compromised systems underlines the persistent threat posed by commodity malware—infostealers and RATs remain highly effective for harvesting passwords, crypto keys and credentials that fuel wider criminal markets.
For organisations and individuals, the takedowns reduce immediate opportunities for abuse and cut the supply feeding cybercrime services, but they also highlight the need for continuous defensive measures: patching, credential hygiene, two-factor authentication and breach monitoring.
Why should I read this?
Because this is one of those rare coordinated wins — law enforcement just pulled the plug on tools that have been quietly wrecking people’s accounts and wallets. If you care about whether your email, passwords or crypto could be exposed, take two minutes to check the links above. Simple prevention now saves a right headache later.
Author’s take
This is a major disruption with real victims and millions of compromised credentials. It’s a reminder that organised cybercrime relies on commoditised toolkits; taking those toolkits offline is a big deal, but not the end of the problem. Stay vigilant.
Source
https://therecord.media/operation-endgame-cybercrime-takedowns-rhadamanthys-venomrat-elysium
