In a massive global operation called Operation Endgame, police forces have taken down the core systems of three major online crime groups, including the Rhadamanthys infostealer, the VenomRAT remote control tool, and the Elysium botnet.
The operation took place between November 10 and 13, 2025, and was managed from Europol’s main office in The Hague, Netherlands. The operation was also supported by Eurojust, the European Union’s judicial cooperation agency.
Key Arrests and Network Takedown
This joint action involved law enforcement and legal teams from 11 nations, including Australia, Belgium, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, the United Kingdom, and the United States.
Authorities also had support from more than 30 organisations, including cybersecurity firms like Proofpoint, CrowdStrike, and Bitdefender, which led to the seizure of 11 malicious domains and the shutdown of over 1,025 servers used by cyber criminals to run malware globally.
Additionally, authorities conducted 11 searches across locations in Germany, Greece, and the Netherlands, and arrested a key suspect linked to the VenomRAT operation in Greece on November 3, 2025.
According to Europol’s press release, further probing revealed the astounding scale of the crime. The systems that were taken down had infected hundreds of thousands of computers, resulting in several million stolen login details.
Europol noted that many victims were not even aware their systems were compromised. The main suspect behind the Rhadamanthys infostealer had access to over 100,000 cryptocurrency wallets, possibly worth millions of euros.
The Fight Continues
This Operation Endgame, as we know it, is part of a bigger, ongoing effort. Hackread.com has followed this fight from the start, reporting on past actions against other hacking tools. This includes the massive May 2024 takedown that hit dropper tools like Smokeloader, IcedID, and Bumblebee, and the disruption of the DanaBot network in May 2025.
Back in April 2025, authorities arrested criminal customers who paid to use the now-defunct Smokeloader service. This shows that authorities are not just going after the big criminals, but also the people who pay to use their services.
If you are worried that your computer might be infected, police urge you to use free tools like politie.nl/checkyourhack to check your status.