Europol Dismantles 3 Major Cybercrime Rings in Global Raid – Ankor Tech

An international law enforcement coalition led by Europol has successfully neutralized three major cybercrime operations in the latest phase of “Operation Endgame.” The coordinated strike resulted in the seizure of over 1,000 servers used to facilitate global digital theft, marking a significant blow to the infrastructure supporting infostealing malware.

Targeting the Malware Infrastructure

The operation focused on three specific threats identified as central to international cybercriminal activity: the Rhadamanthys infostealer, the Elysium botnet, and the VenomRAT remote access trojan. According to official reports, the dismantled network comprised hundreds of thousands of compromised systems, housing millions of stolen credentials from victims who were largely unaware their devices were infected.

Authorities achieved a breakthrough on November 3, arresting the primary suspect behind VenomRAT during a raid in Greece. Meanwhile, investigations into the Rhadamanthys operation revealed that the lead operator had gained unauthorized access to over 100,000 cryptocurrency wallets, representing a potential loss of millions of euros for victims.

The ‘Whack-a-Mole’ Reality of Cybercrime

The takedown of Rhadamanthys highlights the adaptive nature of modern cybercriminals. After authorities disrupted the Lumma infostealer earlier this year, Rhadamanthys rapidly surged in popularity. Cybersecurity analysts at Black Lotus Labs noted that Rhadamanthys became the largest information-stealer by volume following Lumma’s collapse, compromising over 12,000 victims in October alone.

Initially distributed via malicious Google advertisements in 2022, Rhadamanthys eventually scaled its operations through underground forums. Black Lotus Labs documented the malware’s consistent rise, noting that it quickly became the “go-to” tool for threat actors looking to replace lost infrastructure.

Future Outlook for Digital Security

Ryan English, a researcher at Black Lotus Labs, emphasized the cyclical nature of these enforcement efforts. While the seizure of 1,000 servers disrupts current operations, the industry anticipates that new threats will inevitably emerge to fill the void.

“We know that others will take their place, so we just keep tracking to see who’s emerging from that,” English stated. He characterized the ongoing battle between law enforcement and cybercriminal syndicates as a permanent game of “whack-a-mole,” noting that while authorities can mitigate individual threats, the underlying ecosystem remains resilient.