Operation Endgame 3.0 Takes Down Three Major Malware Networks

Summary

– Operation Endgame dismantled three major malware strains (Rhadamanthys, VenomRAT, and Elysium) across 11 countries in a coordinated law enforcement effort.
– The operation resulted in over 1025 servers disrupted, 20 domains seized, 11 locations searched, and the arrest of VenomRAT’s main operator in Greece.
– Europol confirmed the dismantled infrastructure had infected hundreds of thousands of victims worldwide with malware.
– The initiative involved law enforcement from six EU countries, Australia, Canada, the UK, and the US, plus Europol and over 30 private cybersecurity partners.
– Rhadamanthys had become a leading infostealer after previous disruptions, with Shadowserver Foundation notifying 201 CSIRTs in 175 countries about infections between March and November 2025.

A major international law enforcement initiative has successfully dismantled three significant malware networks responsible for infecting hundreds of thousands of computers globally. Operation Endgame 3.0, conducted between November 10th and 13th, represents a coordinated strike against cybercriminal infrastructure across eleven nations. This action targeted the notorious Rhadamanthys information stealer, the VenomRAT remote access trojan, and the Elysium botnet, dealing a substantial blow to their operational capabilities.

The results of the operation were extensive. Authorities managed to take down or disrupt more than 1025 servers located around the world. They also seized control of 20 internet domains and executed searches at 11 different locations. These searches took place at one site in Germany, another in Greece, and nine separate locations within the Netherlands. A significant development was the arrest in Greece of the individual suspected of being the primary operator behind the VenomRAT malware.

Europol confirmed the scale of the threat, stating that the dismantled infrastructure had been instrumental in distributing malware to a vast number of victims internationally. The collaborative effort brought together law enforcement agencies from six European Union countries, alongside partners from Australia, Canada, the United Kingdom, and the United States. Europol and Eurojust provided central coordination from their headquarters in The Hague, with additional support from more than thirty private cybersecurity companies.

Focusing on the specific threats, the Rhadamanthys infostealer had rapidly ascended to a leading position among data-stealing malware. This rise occurred particularly after a previous phase of Operation Endgame, known as ‘Season 2,’ had created a vacuum in the infostealer market. According to the Shadowserver Foundation, the malware’s reach was enormous. The UK government-funded organization reported that between March and November, it had sent infection alerts concerning Rhadamanthys to 201 national computer security incident response teams spread across 175 countries. These notifications also went out to over 10,000 network owners worldwide, highlighting the pervasive nature of the threat.

(Source: Info Security)
