Major Crackdown: Police Disrupt Global Malware Networks

Law enforcement agencies across Europe have carried out a major new phase of Operation Endgame, an ongoing effort to shut down cybercrime networks. In this latest action, authorities targeted the servers and infrastructure used by several criminal groups to run malware campaigns.

Between November 10 and 13, police forces from multiple countries worked together to take down more than 1,000 malicious servers. They also seized 20 domains and carried out raids in Germany, Greece, and the Netherlands. During these raids, one suspect linked to the VenomRAT malware operation was arrested.

This phase of Operation Endgame focused on disrupting three major malware platforms:

• Rhadamanthys – an infostealer used to steal passwords, browser data, and cryptocurrency wallet information.
• VenomRAT – a remote-access trojan that gives attackers full control of infected computers.
• Elysium – a botnet system used to coordinate large-scale malicious activity.

The servers taken down were connected to hundreds of thousands of infected devices worldwide, and investigators say they contained millions of stolen credentials. This shows how deeply these malware operations had spread.

This is not the first major success for Operation Endgame. Earlier in May, a previous phase of the operation dismantled large parts of the ransomware supply chain, taking down hundreds of servers and disrupting many criminal services.

Authorities say this latest action strikes at the “service layer” of cybercrime — the platforms criminals rely on to run malware, sell access, and launch attacks. By removing these core systems, police hope to weaken multiple cybercrime groups at once.

Operation Endgame is supported by Europol, Eurojust, and law enforcement agencies from the US, Canada, Australia, and several EU countries. The goal is to make malware distribution and cybercrime-as-a-service much harder for criminals to maintain