Cybercrime , Fraud Management & Cybercrime

European Police Take Down Botnet Servers, Make Arrests

'Operation Endgame' Disrupted 5 Botnets Including IcedID and SmokeLoader
European Police Take Down Botnet Servers, Make Arrests
A seizure notice posted on botnet domains seized by Operation Endgame (Image: Dutch National Police)

An international law enforcement operation resulted in the arrests of four botnet operators and the seizure of more than 100 servers used as infrastructure for malware dropper botnets.

See Also: Webinar | Don't Get Hacked in the Cloud: The Essential Guide to CISOcial Distancing

The European, British and U.S. police action, dubbed Operation Endgame, took down infrastructure sustaining botnets including IcedID - also known as Bokbot and SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. An infection by those botnets is typically a precursor to ransomware or other malware. One-third of the seized servers were in the Netherlands, Dutch police said.

As part of the operation, Armenian police arrested one person and Ukrainian police arrested three. Police suspect that some of the detained individuals previously operated the Emotet botnet, the subject of a 2021 multinational law enforcement operation that - typical of botnet takedowns - severely disrupted but did not entirely destroy the criminal operation (see: Emotet Returns With New Tricks Up Its Sleeve).

Europol said one of the detained suspects earned cryptocurrency worth at least 69 millions euros through botnet operations. "The suspect's transactions are constantly being monitored and legal permission to seize these assets upon future actions has already been obtained," said the Netherlands-based European Union law enforcement coordination agency.

Police also confiscated around 2,000 domains associated with the botnets. Attackers often combine malware-as-a-service offerings to execute ransomware attacks (see: Emotet, Ryuk, TrickBot: 'Loader-Ransomware-Banker Trifecta').

German police are actively searching for eight suspects. They include Russian national Airat Gruber, the suspected admin of SmokeLoader, and Oleg Kucherov, Sergey Polyak, Fedor Andreev, Georgy Tesman, and Anton Bragin, who are wanted for their roles in operating and extorting ransomware.

The announcement of the operation comes just a day after U.S. authorities announced a multinational operation against the 911 S5 botnet and the arrest of three Chinese nationals who either were involved in its administration or helped launder it proceeds (see: FBI Says It Dismantled 'Likely the World's Largest Botnet').

Security researcher Troy Hunt, founder of Have I Been Pwned analyzed email addresses and unique passwords provided by law enforcement agencies obtained through Operation Endgame and concluded that around 4.5 million of them associated with the latest action had not been previously linked to any data breaches.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.