In a coordinated international effort between 19 and 22 May, authorities across several countries launched a large-scale operation targeting some of the world’s most dangerous malware variants. The joint action led to the dismantling of numerous malware infrastructures and the identification of key perpetrators behind them.
Key outcomes of the operation include:
- Over 300 servers taken offline
- 650 domains neutralised
- EUR 3.5 million in cryptocurrency seized (EUR 21.2 million total seized under Operation Endgame)
- 37 suspects identified
- 20 international arrest warrants issued
This week’s crackdown follows Operation Endgame, launched in May 2024—the largest botnet takedown to date. The current phase, often referred to as Endgame 2.0, focused on dismantling the next generation of malware, including Bumblebee, Lactrodectus, Qakbot, DanaBot, HijackLoader, Trickbot, and WarmCookie. These forms of initial access malware play a critical role in cyberattacks by breaching systems and enabling further malicious activities such as ransomware deployment.
By targeting these early-stage threats, the operation strikes a blow to the entire cybercrime-as-a-service ecosystem.
International Cooperation at the Core
Given the global scale of cybercrime, cross-border collaboration was essential. Authorities were able to exchange information and align their investigative efforts thanks to close coordination. Europol supported the operation from the outset, providing strategic direction, operational and analytical assistance, cryptocurrency tracing, and facilitating real-time information exchange among international partners.
Participating countries and agencies included:
- Germany: Federal Criminal Police Office (BKA), Frankfurt Cybercrime Prosecutor’s Office, Federal Office for Information Security
- France: Cybercrime units of PPO Paris, BL2C, and OFAC
- Netherlands: Public Prosecution Service and National Police
- Denmark: National Special Crime Unit and NC3 High Tech Crime
- United Kingdom: National Crime Agency
- United States: FBI, Department of Justice’s CCIPS, and the U.S. Attorney’s Office (Central District of California)
- Canada: Royal Canadian Mounted Police (RCMP)
What’s Next?
Operation Endgame is far from over. Ongoing investigations will continue under international coordination, with updates shared via the dedicated Operation Endgame website. In addition, 18 suspects will be featured on the EU’s Most Wanted list from 23 May, with public appeals launched to assist in their capture.
