The FBI says it dealt a serious blow to four malware groups by shutting down or disrupting over 100 servers hosting the attacks.
The crackdown is part of “Operation Endgame,” which saw the FBI and police in Europe dismantle the criminal infrastructure behind four Windows-based malware variants dubbed IcedID, Smokeloader, Pikabot, and Bumblebee.
Law enforcement targeted the malware variants for their ability to act as “droppers,” meaning they can install additional malicious code on a PC. According to the FBI, the malware strains caused “hundreds of millions of dollars” in damages via ransomware or password stealers. “These malware services infected millions of computers and were responsible for attacks across the globe, including on health care facilities and critical infrastructure services,” says FBI Director Christopher Wray.
According to Europol, Operation Endgame also targeted two other malware variants, called SystemBC and Trickbot, that could generate millions by selling access to the infected computers. “All of them are now being used to deploy ransomware and are seen as the main threat in the infection chain,” Europol said.
Law enforcement from a dozen countries conducted searches, questioned suspects, and made four arrests, one in Armenia and three in Ukraine. In addition, police seized over 2,000 internet domains tied to the hacking activities.
However, not all the suspects were caught. Eight Russian fugitives linked to the Smokeloader and Trickbot malware strains evaded arrest. Although Russia has long refused to extradite hacking suspects to the West, Europol has resorted to publicly exposing the suspects by placing them on Europe’s Most Wanted List.
Law enforcement also created a website for Operation Endgame, which trolls the hackers behind the malware variants. “This is Season 1 of Operation Endgame. Stay tuned. It sure will be exciting. Maybe not for everyone though. Some results can be found here, others will come to you in different and unexpected ways,” the site currently says. In the meantime, data breach notification site Have I Been Pwned is notifying users victimized by the malware variants. Law enforcement agencies provided 16.5 million email addresses and 13.5 million unique passwords.