Between November 10 and 14, 2025, law enforcement agencies executed one of the most significant coordinated operations against cybercriminals in recent history.
Operation Endgame, coordinated from Europol’s headquarters in The Hague, successfully dismantled three major threats to global cybersecurity: the infamous Rhadamanthys infostealer, the VenomRAT remote access trojan, and the Elysium botnet.
This remarkable international effort brought together authorities from eleven countries, including the United States, Canada, Australia, and multiple European nations.
Over 100 law enforcement officers staffed a command center at Europol to coordinate the complex operation. At the same time, more than 30 public and private organizations provided critical support to the investigation.
Authorities dismantled over 1,025 servers worldwide, seized 20 domains, and arrested a primary suspect behind VenomRAT operations in Greece on November 3.
The targeted infrastructure infected hundreds of thousands of victims worldwide with malware designed to steal sensitive information and compromise computer systems.
Rhadamanthys, the primary focus of the operation, represented one of the most dangerous infostealers on the dark web.
The main suspect responsible for this malware had access to over 100,000 cryptocurrency wallets belonging to infected victims, potentially worth millions of euros.
Additionally, the seized infrastructure contained millions of stolen credentials harvested from unsuspecting users worldwide.
What made this operation particularly significant was the multilateral coordination required to execute it successfully.
Law enforcement from Denmark, France, Germany, Greece, Lithuania, the Netherlands, Belgium, Canada, Australia, and the United States worked seamlessly together.
Critical private-sector support came from organizations such as CrowdStrike, Proofpoint, Bitdefender, and Have I Been Pwned, highlighting the need for public-private partnerships to combat cybercrime.
Beyond the physical takedown of servers, authorities implemented a strategic awareness component. Police directly contacted criminal users of these services, urging them to provide information about infostealer operations.
Simultaneously, the Operation Endgame website publicly exposed the failing criminal infrastructure, sending a clear message to the cybercriminal underworld that their operations face constant threat.
For victims concerned about potential compromise, authorities established accessible resources.
The websites checkyourhack.politie.nl and haveibeenpwned.com allow individuals to verify whether their systems have been compromised and receive guidance on protective measures.
Europol provided essential analytical and forensic support throughout the operation, facilitating real-time intelligence sharing among participating agencies.
Eurojust assisted in executing European Arrest Warrants and coordinating cross-border investigation orders, streamlining the legal processes necessary for such international operations.
By dismantling these three interconnected criminal platforms simultaneously, authorities disrupted the infrastructure enabling some of the most damaging cybercrimes globally.
However, law enforcement agencies stress that this action is not an endpoint but rather a significant milestone in ongoing efforts to protect citizens worldwide from evolving cyber threats.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and set GBH as a Preferred Source in Google.