Law enforcement agencies disrupted a vast network of cybercrime tools between November 10 and 14, 2025, coordinated from Europol’s headquarters in The Hague, Netherlands.
Dubbed the latest phase of Operation Endgame, the effort targeted three notorious malware families: the infostealer Rhadamanthys, the Remote Access Trojan (RAT) VenomRAT, and the Elysium botnet.
These stealers and botnets have contributed to ransomware attacks and data theft globally, impacting hundreds of thousands of victims and stealing millions in credentials and cryptocurrency.
The operation, led by Europol and Eurojust, united authorities from 11 countries, including Australia, Belgium, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, the United Kingdom, and the United States.
Private sector partners played a pivotal role, with contributions from cybersecurity firms like Cryptolaemus, Shadowserver, SpyCloud, Proofpoint, CrowdStrike, Lumen, Abuse.ch, Have I Been Pwned, Spamhaus, DIVD, and Bitdefender. Their expertise in threat intelligence, sinkholing, and malware analysis helped identify and neutralize the infrastructure.
The dismantled network comprised hundreds of thousands of compromised computers holding millions of stolen credentials.
Rhadamanthys alone granted its operators access to over 100,000 cryptocurrency wallets, potentially valued at millions of euros.
Many victims remain unaware of infections, underscoring the stealthy nature of these threats. Infostealers quietly harvest login details, while RATs like VenomRAT enable remote control for espionage or ransomware deployment, and botnets like Elysium amplify distributed denial-of-service (DDoS) attacks and spam campaigns.
Europol’s command post in The Hague buzzed with over 100 officers from participating nations, facilitating real-time intelligence sharing on seized servers, suspects, and data transfers. Eurojust supported legal tools like European Arrest Warrants and Investigation Orders.
Operation Endgame, focused on ransomware enablers since its inception, signals no end to the fight. Authorities urge individuals to check for infections using resources like politie.nl/checkyourhack and haveibeenpwned.com.
As cybercriminals adapt, this phase highlights the power of global collaboration in disrupting underground economies. Victims and researchers alike should monitor for residual threats, as the next move in this cyber chess game looms.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
