Collapsed hundreds of malicious servers and seized millions of euros in cryptocurrencies

In an extensive, coordinated international operation, several countries have set a severe blow to some of the world’s most dangerous programs this week, the European Agency for Combating Crime Europol and the EU Agency for Justice Cooperation EUROJUST reported on Friday. Between Monday and Thursday, surgery under the broader campaign « Endgame Operation » has been affected by key actors in the cyber crime ecosystem.

According to Europol and the Euro, more than 300 servers and 650 domains around the world, according to Europol and Eurojup, were involved in the campaign involving the bodies from Canada, Denmark, France, Germany, the Netherlands, the United States and the United States. It was also seized for € 3.5 million in cryptocurrencies, bringing the total amount seized as an Endgame operation since its beginning of 2024, rose to more than € 21.2 million. 37 suspects were identified, and international arrangements were obtained for 20 individuals who are criminally charged.

The target of surgery was mainly the so -called Initial Access Malware malicious programs such as Bumblebee, Lactrodectus, Qakbot, Danabot, Hijackloader, Trickbot and Warmcookie. According to Europol and Eurojast, these programs allow cybercrime criminals to invade the victim systems, where they then load additional harmful software, such as extortion viruses (ransomware). « Because these versions are at the beginning of the chain of cyber attacks, their disabling is damaging the entire ecosystem of ‘cyber crime as services’, » agencies said.

On Thursday, the US Ministry of Justice (Breasts) published indictments against 16 individuals due to their alleged involvement in the development and use of the malicious program of Danabot. At the same time, the federal indictment against Rustamo Rafailevic GalljamovA 48-year-old from Moscow, who is supposed to lead a cyber criminal organization responsible for QAKBOT, whose international bodies were interrupted in 2023. Among the accused for the development of Danabot, they are also stated by Doj Alexander Stepanovknown as jimmbee, and Artem Aleksandrovich Kalincinknown as Onix, both from Novosibirska in Russia.

According to the German Federal Criminal Office (BKA), which led the European part of the investigation, most of the 20 suspects, for whom international car warrants were issued, are Russian citizens. Among the most sought after by BKA is also a 36-year-old Russian Vitaly Nikolajevich Kovaljevwhich is already sought after in the US and, according to German investigators, is supposed to be one of the key players behind the Conti, Royal and Blacksuit blackmail groups and one of the « most successful blackmailers in the history of cyber crime. » His crypto wallet is estimated to be worth around one billion euros and is expected to be in Moscow.

In Germany, where about 50 servers were disabled, investigations focused primarily on suspicion of organized extortion and membership in a foreign criminal organization, BKA reported and the Frankfurt State Prosecutor’s Office responsible for fighting cyber crime. BKA President Holger Munch said that Germany is a common target for cybercriminals and that the extradition of most suspects from Russia is unlikely, but their identification is nevertheless important and harms them.

EUROPOLA CEO Catherine de Bolle stressed that this operation « shows law enforcement capacity to adapt and strike, even when cyber criminals are transformed. » Photo: Leon Vidic/Work

Executive Director of Europol Catherine de Bolle She stressed that this surgery « shows law enforcement capacity to adapt and hit again, even when cyber criminals are transformed. » Europol announced that in the upcoming assessment of organized crime on the Internet for 2025, which will be published on June 11, it will particularly point out the danger of intermediaries for initial access.