TZUTC: -0500
MSGID: 1710.consprcy@1:2320/105 2d7dc7a8
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Operation Endgame 3.0 push takes down more cybercrime servers, disrupting
criminal gangs

Date:
Fri, 14 Nov 2025 12:03:00 +0000

Description:
Rhadamanthys, VenomRAT, and Elysium have officially been taken down, and one
person was arrested.

FULL STORY

Europol has launched the latest phase of its Operation Endgame, looking to
disrupt the activities of some of the largest malware operations active 
today. 

A press release published on Europols website claims between November 10 and
13 its agents, together with national law enforcement agencies from a handful
of European countries, disrupted Rhadamanthys, VenomRAT, and Elysium. 

The activities resulted in more than 1,000 servers either taken down or
disrupted, 20 domains seized, and 11 locations searched (one in Germany and
Greece, and nine in the Netherlands). Furthermore, one person was arrested,
suspected of operating VenomRAT.

Europol's activities 

The dismantled malware infrastructure consisted of hundreds of thousands of
infected computers containing several million stolen credentials, Europol
explained. 

Many of the victims were oblivious to the fact they were targeted, it added,
and said that the main suspect behind the infostealer had access to over
100,000 crypto wallets potentially worth millions. 

News of the operation first surfaced two days ago, when independent security
researchers saw Rhadamanthys  users being locked out of the platform. Those
users, as well as the malwares operators, blamed the German authorities for
the disruption, and urged their users to cover up their tracks. 

Operation Endgames last activity was in May 2025, when Europol and Eurojust
dismantled a ransomware kill chain. In that operation, the police seized
roughly 300 servers, took down 650 domains, and issued international arrest
warrants against 20 individuals. The police also seized 3.5 million in 
various cryptocurrencies. 

Disrupting malware operations is commendable, but without arrests, it is only
a matter of time before they resurface. DanaBot , one of operations that were
taken down in May, resurfaced six months later, with rebuilt infrastructure
and new cryptocurrency wallets to siphon stolen funds to. 

Other backdoor, malware, and loader operations that were disrupted through
Operation Endgame include IcedID, Smokeloader, Qakbot, and Trickbot. 

 Via Infosecurity Magazine 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/operation-endgame-push-takes-down-more-
cybercrime-servers-disrupting-criminal-gangs

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426