The FBI, in collaboration with European police, has significantly disrupted four major malware groups in “Operation Endgame.” This operation shut down over 100 servers used by four Windows-based malware variants: IcedID, Smokeloader, Pikabot, and Bumblebee.
These malware strains, known as “droppers,” install additional malicious code on PCs, causing significant financial damage. The FBI stated these malware services infected millions of computers worldwide, targeting health care facilities and critical infrastructure, resulting in hundreds of millions of dollars in damages.
Europol noted that Operation Endgame also targeted two additional malware variants, SystemBC and Trickbot, used to generate millions by selling access to compromised systems. These variants primarily deploy ransomware, posing a significant cyber threat.
The operation involved law enforcement from twelve countries, leading to searches, questioning of suspects, and four arrests—one in Armenia and three in Ukraine. Over 2,000 internet domains tied to the malware activities were also seized. However, eight Russian suspects linked to Smokeloader and Trickbot remain at large, with Russia refusing to extradite them. Europol has publicly exposed these fugitives by placing them on Europe’s Most Wanted List.
Law enforcement created a website for Operation Endgame to taunt the hackers, stating, “This is Season 1 of Operation Endgame. Stay tuned. It sure will be exciting. Maybe not for everyone though.”
Meanwhile, the data breach site Have I Been Pwned is alerting users affected by the malware, using 16.5 million email addresses and 13.5 million passwords provided by law enforcement.