Operation Endgame Targets Trickbot, IcedID, Other Botnets in Huge Disruption

In perhaps the largest coordinated action against malware operators and their infrastructure, Europol and a cadre of law enforcement agencies have disrupted the operations of several notorious malware families, including IcedID, Trickbot, Smokeloader, and Bumblebee. As part of the disruption, authorities arrested four suspects and seized more than 2,000 domains and 100 servers.

The action, known as Operation Endgame, was a comprehensive move against a large swath of the malware infrastructure in use today. Trickbot, for instance, has been in operation for barely a decade and has been used to drop many other types of malware, including the Ryuk ransomware, and has been associated with Emotet, as well. IcedID has occupied a similar position in the ecosystem and has been used by many cybercriminals to drop additional malware on compromised systems. Many of the malware families targeted in Operation Endgame have been in operation for quite a long time, and some of them, including Trickbot, have been targeted by takedowns in the past.

But this operation has a different flavor to it, not just with the broad international coordination, but also with the promise of more to come in the future.

“International law enforcement and partners have joined forces. We have been investigating you and your criminal undertakings for a long time and we will not stop here. This is Season 1 of operation Endgame. Stay tuned. It sure will be exciting. Maybe not for everyone though. Some results can be found here, others will come to you in different and unexpected ways,” the Operation Endgame site says.

Eight Russian suspects allegedly associated with these various malware operations have been added to Europol’s most wanted list as a result of the action. Several security companies and other organizations assisted with Operation Endgame, including Abuse.ch, Spamhaus, Team Cymru, and Shadowserver.