Police take down three cybercrime operations in latest round of ‘whack-a-mole’

In a significant move against cybercrime, an international coalition of law enforcement agencies, spearheaded by Europol, has successfully dismantled three prominent cybercrime operations as part of what they term "Operation Endgame." This coordinated effort targeted the notorious infostealing malware Rhadamanthys, a botnet known as Elysium, and the remote access trojan VenomRAT, all of which have played pivotal roles in global cybercriminal activities. Authorities reported the seizure of over 1,000 servers during this operation, marking a decisive blow to these cybercriminal enterprises. Notably, on November 3, police apprehended a key suspect connected to VenomRAT in Greece. According to Europol, the dismantling of this malware infrastructure revealed a staggering number of infected computers, with several million stolen credentials at risk. Alarmingly, many victims were unaware that their systems had been compromised. The main suspect linked to Rhadamanthys was found to have access to more than 100,000 cryptocurrency wallets, potentially valued at millions of euros. Rhadamanthys is specifically designed to extract sensitive information from infected devices, including passwords and cryptocurrency wallet keys. Following the takedown of the well-known infostealer Lumma earlier this year, Rhadamanthys saw a surge in usage, highlighting the adaptability of cybercriminals who pivot to lesser-known tools when their primary methods are disrupted. When it first appeared in 2022, Rhadamanthys primarily spread through malicious Google ads but quickly gained traction through discussions on underground forums, as noted by Lumen's Black Lotus Labs, which is a cybersecurity partner in Operation Endgame. In a recent blog post, the firm indicated that after the Lumma takedown, Rhadamanthys experienced a significant increase in victims, becoming the most prolific infostealer by volume. Reports from October indicated that this malware had compromised over 12,000 victims. Ryan English, a researcher at Black Lotus Labs, remarked that Rhadamanthys has emerged as the preferred infostealer following Lumma's downfall. He noted that while law enforcement and the cybersecurity industry continue to combat these threats, the cycle of cybercrime resembles a game of whack-a-mole, where new threats constantly emerge as old ones are eliminated.