"Operation Endgame"

Investigators strike biggest blow against cybercrime

In the course of "Operation Endgame", several of the currently most influential malware families were taken offline.(Bild: www.operation-endgame.com)

Investigators are talking about the biggest strike against cyber criminals: in a coordinated operation in several countries, more than 100 servers were confiscated worldwide and 1300 domains were put out of operation. This was announced by the public prosecutor's office in Frankfurt am Main and the German Federal Criminal Police Office (BKA) on Thursday. Austrian authorities were also involved in the operation.

The operation was primarily directed against the groups behind the six malware families "IcedID", "SystemBC", "Bumblebee", "Smokeloader", "Pikabot" and "Trickbot". The "Trickbot" dropper, for example, was used to attack hospitals and health centers in the USA during the coronavirus pandemic. According to Europol, the total number of victims targeted by the groups that have now been dismantled can only be determined once the confiscated servers have been analyzed.

According to the German Federal Criminal Police Office, the six malware families in the focus of the international operation served as "door openers" for cyber criminals to infect attacked computer systems with further malware. The aim of such attacks was, among other things, to access personal data such as usernames and passwords - or to encrypt the attacked systems or networks with so-called ransomware. 

Numerous arrest warrants
According to the information, ten international arrest warrants were issued and four people were provisionally arrested during the measures coordinated by German authorities. Arrest warrants were issued by Germany for eight people involved. On this basis, seven people are being sought who are "strongly suspected of having participated as members of a criminal organization for the purpose of spreading the Trickbot malware", the investigators added.

A total of four suspects were arrested in Armenia and Ukraine. According to Europol, eight further suspects are to be added to the EU-wide list of most wanted criminals. The "Endgame" operation was coordinated from Europol's headquarters in The Hague. According to the German Federal Criminal Police Office (BKA), assets worth 69 million euros were seized from a server operator and cryptocurrency worth more than 70 million euros was frozen.

During the operation on Tuesday and Wednesday, a total of 16 properties in Armenia, the Netherlands, Portugal and Ukraine were searched and a large amount of evidence was seized. The data seized is currently being analyzed and could lead to further investigations.

Surrounding investigations in Austria
Law enforcement officers from the Netherlands, France, Denmark, Great Britain, the USA and Austria were involved in the operation. Domestic domains were also affected, according to the spokesman of the Federal Criminal Police Office, Heinz Holub-Friedreich. The experts carried out field investigations to check the information from Germany and provide administrative assistance.

The operation was carried out specifically before the Olympic Games in Paris, said the head of the French anti-cybercrime unit, Nicolas Guidoux, to AFP. It was important to weaken the infrastructure of cyber criminals before this "world event".