The "largest ever" botnet takedown operation is happening right now — Operation Endgame takes multiple criminal gangs offline

artistic representation of a hacker
Image credit: Shutterstock (Image credit: Shutterstock)

Europol and its partners are currently running the “largest ever operation against botnets,” targeting multiple malware droppers, seizing hundreds of servers, thousands of domains, and even making a few arrests. 

The law enforcement says this operation will severely hinder botnet operations across the world, and thus make the internet a safer place for everybody.

The law enforcement said between May 27 and 29, it coordinated “Operation Endgame”, a major cybersecurity crackdown on botnets that “play a major role in the deployment of ransomware”. IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot are among the botnets being disrupted by this campaign.

Europe's Most Wanted

During the raid, the agents made four arrests, grabbing an individual from Armenia, and three from Ukraine. They also searched 16 locations (one in Armenia, one in the Netherlands, three in Portugal, and 11 in Ukraine), took down or disrupted more than 100 servers across Europe, North America, and the UK, and seized more than 2,000 domains.

Besides making four arrests, it is also adding eight fugitives to Europe’s Most Wanted list. “The individuals are wanted for their involvement in serious cybercrime activities,” the law enforcement agency said in the announcement. Furthermore, it said that one of the main suspects raked in at least €69 million in cryptocurrency, by renting out criminal infrastructure sites to deploy ransomware.

It was left unclear if this suspect is arrested or currently on the run, however, Europol said their transactions are “constantly being monitored” and that it has legal permission to seize them if necessary, hinting that this person is not yet in custody. 

The operation was initiated and led by France, Germany and the Netherlands, with support from Eurojust, Denmark, the United Kingdom and the United States. 

Armenia, Bulgaria, Lithuania, Portugal, Romania, Switzerland and Ukraine also supported the operation with different actions, such as arrests, interviewing suspects, searches, and seizures or takedowns of servers and domains, Europol concluded, also saying that a number of private security firms participated as well, naming Bitdefender, Cryptolaemus, Sekoia, Shadowserver, Team Cymru, Prodaft, Proofpoint, NFIR, Computest, Northwave, Fox-IT, HaveIBeenPwned, Spamhaus, DIVD, abuse.ch and Zscaler.

Operation Endgame is not yet completed, and Europol set up a dedicated webpage on which it plans to release more information in less than five days.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
BadBox malware hit after infecting over 500,000 Android devices
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Cyber crime concept with man in handcuffs
Global police operation takes down major cybercrime and hacking forums
Ransomware
8base ransomware site taken down in global police operation
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Another huge new botnet is infecting thousands of webcams and video recorders for DDoS attacks
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet
Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently revealing the full cast for Avengers: Doomsday, and I think it's going to be a long-winded announcement
Samsung QN90F on yellow background
Samsung announces US prices for its 2025 mini-LED TV lineup, and it’s good and bad news
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow