Police Disrupt Cybercrime: Three Operations Taken Down

November 13, 2025

Operation Endgame Disrupts Major Cybercrime Networks

A collaborative effort involving international law enforcement, coordinated by Europol, has resulted in the dismantling of three significant cybercrime operations under the banner of “Operation Endgame.”

Targeted Malware and Networks

The police operation specifically focused on the Rhadamanthys infostealing malware, the Elysium botnet, and the VenomRAT remote access trojan. Authorities have confirmed that these three entities were central to a range of international cybercriminal activities.

Over 1,000 servers were seized during the course of this operation.

Key Arrest and Infrastructure Disruption

Europol announced the arrest of the primary individual responsible for VenomRAT, apprehended in Greece on November 3rd.

The compromised infrastructure encompassed hundreds of thousands of infected computers, harboring millions of compromised credentials. A significant number of those affected were unaware their systems had been breached.

Rhadamanthys and Cryptocurrency Wallets

Investigations revealed that the individual controlling Rhadamanthys had access to over 100,000 cryptocurrency wallets, representing a potential value of millions of euros.

Infostealer Dynamics and the Rise of Rhadamanthys

Rhadamanthys functions as an infostealer, designed to extract sensitive data from infected devices, including passwords and cryptocurrency wallet keys. Its prevalence increased notably in October following the takedown of the Lumma infostealer earlier in the year.

This demonstrates a pattern in which cybercriminals readily adapt and switch to alternative, lesser-known hacking tools in the wake of disruptions.

Initial Spread and Growth of Rhadamanthys

Launched in 2022, Rhadamanthys initially propagated through malicious Google advertisements. Subsequently, its reach expanded through recommendations within underground online forums, as detailed by Lumen’s Black Lotus Labs, a cybersecurity partner in Operation Endgame.

Rhadamanthys as a Leading Infostealer

Black Lotus Labs reported a “dramatic uptick” and “consistent rise in the number of victims” for Rhadamanthys after the Lumma takedown. This positioned it as the largest information-stealer malware by volume.

In October alone, the malware compromised over 12,000 victims, according to the firm’s data.

Industry Perspective on Evolving Threats

Ryan English, a researcher at Black Lotus Labs, explained to TechCrunch that Rhadamanthys quickly became the preferred infostealer following Lumma’s removal.

English emphasized the continuous nature of this challenge, stating that new threats will inevitably emerge, requiring ongoing monitoring and response from law enforcement and the cybersecurity community.

The "Whack-a-Mole" Reality

“So in a very real sense, it’s whack-a-mole forever,” English concluded, highlighting the persistent and cyclical nature of combating cybercrime.
