Europol, Europe’s law enforcement agency, has announced the arrest of four individuals, and the success of a global operation targeting cybercriminals who used botnets to steal data, send spam and extort money through ransomware.
Botnets are networks of compromised computers used to launch cyberattacks.
“Operation Endgame” targeted malware droppers like IcedID, SystemBC, Smokeloader, Pikabot and Bumblebee, and seized control of over 2,000 websites.
The operation was conducted between 27th and 29th May and led by France, Germany and the Netherlands. It also involved collaboration with several other countries, including the UK, the USA and Ukraine.
“This is the largest ever operation against botnets, which play a major role in the deployment of ransomware,” Europol said.
The agency said one of the arrests took place in Armenia, with the remaining three in Ukraine.
Investigators estimate that a single suspect amassed €69 million in cryptocurrency by renting out infrastructure for these ransomware attacks.
Authorities are now hunting eight fugitives believed to be involved in the scheme, who will be added to Europe’s “most wanted” list.
With many suspects still at large, Europol warns that Operation Endgame is ongoing, and future busts are planned.
USA dismantles ‘world’s largest’ botnet
Across the Atlantic, the US Department of Justice (DoJ) on Wednesday announced the dismantling of “likely the world’s largest botnet ever,” a network of 19 million hijacked devices known as 911 S5.
This botnet is believed to have facilitated a wide range of cybercrimes.
YunHe Wang, a 35-year-old Chinese national, was arrested in Singapore for allegedly creating and running 911 S5 from 2014 to 2022.
The botnet functioned as a residential proxy service, essentially renting out access to compromised computers to other criminals. These infected devices were used to anonymise malicious activity, including cyberattacks, identity theft, financial fraud, bomb threats, child exploitation and export violations.
Authorities believe Wang spread the malware via free VPNs and software bundles. He is also accused of managing a network of 150 servers, 76 of them located in the US, to control the infected devices and facilitate criminal activity.
The DoJ says criminals used 911 S5 to steal “billions” from financial institutions and government programmes by submitting fraudulent claims from compromised IP addresses.
Attackers were also able to purchase goods with stolen credit cards and illegally export them overseas.
Wang is thought to have made a handsome profit from his scheme, generating nearly $100 million by selling access to the botnet. He allegedly used this money to acquire a fleet of luxury cars, expensive watches and numerous properties across multiple countries.
“The conduct alleged here reads like it’s ripped from a screenplay: A scheme to sell access to millions of malware-infected computers worldwide, enabling criminals over the world to steal billions of dollars, transmit bomb threats, and exchange child exploitation materials – then using the scheme’s nearly $100 million in profits to buy luxury cars, watches, and real estate,” said Matthew S. Axelrod, assistant secretary for export enforcement in the US Department of Commerce’s Bureau of Industry and Security.
“What they don’t show in the movies, though, is the painstaking work it takes by domestic and international law enforcement, working closely with industry partners, to take down such a brazen scheme and make an arrest like this happen.”
Wang faces decades in prison if convicted on all charges.
