Malware families including Rhadamanthys Stealer, Venom RAT, and Elysium botnet were disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust.
The operation, which will take place from November 10 to 13, 2025, marks the latest phase of Operation Endgame, an ongoing operation aimed at shutting down criminal infrastructure and combating ransomware enablers around the world.
In addition to dismantling the “three major cybercrime enablers,” authorities arrested the main perpetrator of the Venom RAT in Greece on November 3, with over 1,025 servers down and 20 domains seized.
“The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing millions of stolen credentials,” Europol said in a statement. “Many victims were unaware that their systems were infected.”
It is currently unclear whether the Elysium botnet Europol is referring to is the same proxy botnet service as RHAD security (also known as Mythical Origin Labs), a threat actor associated with Rhadamanthys, whose promotion was also observed last month.
Europol also noted that the main suspects of the information thieves had access to more than 100,000 cryptocurrency wallets belonging to victims, which could amount to millions of euros.
A recent analysis published by Check Point revealed that the latest version of Rhadamanthys incorporates several mechanisms to fly under the radar, as well as adding support for device and web browser fingerprint collection.
Authorities participating in this effort include law enforcement agencies from Australia, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, and the United States.
(This is a developing story. Check back for more updates.)
Source link
