TrickBot and Other Malware Droppers Disrupted by Law Enforcement

May 30, 2024 at 08:30AM

Europol announced the successful shutdown of the TrickBot botnet and other malware droppers in an international operation targeting various criminal activities and arresting cybercriminals. The operation, named Endgame, involved over a dozen countries and resulted in arrests, infrastructure shutdown, asset freezes, and the addition of suspects to Europol’s Most Wanted list. Multiple law enforcement agencies and private partners participated in the operation.

Operation Endgame, an international operation targeting several malware droppers and the infrastructure of the TrickBot botnet, was successful. The operation involved authorities from over a dozen countries and resulted in the disruption of criminal activities and the arrest of cybercriminals.

The targeted malware droppers, including Bumblebee, IcedID, Pikabot, Smokeloader, SystemBC, and TrickBot, were used in malicious attacks to harvest information, maintain control of compromised machines, and deploy additional malware families, including ransomware. Each of these droppers had specific functions, such as payload delivery, data theft, remote access, ransomware deployment, and anonymous communication with command-and-control (C&C) servers.

Notably, TrickBot, which has been active since at least 2016 and is believed to be linked to cybercriminals with ties to Russian intelligence services, survived a takedown attempt in late 2020. However, the recent operation has resulted in the shutdown of infrastructure, asset freezes, and the addition of eight individuals to Europol’s Most Wanted list, all believed to be linked to these activities.

In addition to these actions, Operation Endgame led to four arrests in Armenia and Ukraine, searches at 16 locations in Armenia, the Netherlands, Portugal, and Ukraine, the shutdown of more than 100 servers, and the seizure of over 2,000 domains by law enforcement. Multiple law enforcement agencies from several countries, along with private partners, participated in the operation.

Furthermore, a main suspect is reported to have earned more than €69 million in cryptocurrency from renting websites to ransomware operators. Europol has obtained legal permission to monitor the suspect’s transactions and seize these assets in future actions.

Overall, Operation Endgame was a significant success, substantially disrupting cybercriminal activities and infrastructure and leading to the arrest of individuals involved.
