Europol: 4 arrests in broad global anti-malware operation

Dubbed "Endgame," the sprawling international operation had a "global impact on the dropper ecosystem," Europol said, referring to a type of malware used to install other malicious software on a targeted system.

In addition to the four arrests, which took place in Armenia and Ukraine, eight people linked to these criminal activities will be added to Europe's Most Wanted list.

The operation, coordinated from Europol's headquarters in The Hague between May 27 and 29, led to around twenty searches in Armenia, Ukraine, Portugal and the Netherlands.

Over 100 servers were seized in various European countries, the US and Canada.

The investigation, which began in 2022, showed that one of the main suspects earned at least 69 million euros in cryptocurrency by renting out criminal infrastructure used to deploy ransomware, the European judicial agency Eurojust said.

Authorities initially targeted the groups behind six malware families: IcedID, SystemBC, Bumblebee, Smokeloader, Pikabot and Trickbot.

These "droppers" are linked to at least 15 ransomware groups, the German federal police and the Frankfurt public prosecutor's office said in a joint statement.

- "Main threat" -

Droppers "allow criminals to bypass security measures and deploy malicious programs," Europol explained.

"They generally do not cause direct damage themselves, but are critical to gaining access and running malicious software on affected systems," it added.

"All are now used to deploy ransomware and are considered the main threat in the infection chain," it explained.

French investigators identified the administrator of "SystemBC", mapped the infrastructure connected to the dropper and coordinated the dismantling of a network of dozens of command-and-control servers, Paris prosecutor Laure Beccuau said in a statement.

"SystemBC" facilitated anonymous communication between an infected system and its command-and-control servers, Europol said.

The operator of “Pikabot”, which enables the deployment of ransomware, remote computer control and data theft, was also identified by French authorities.

They arrested him and searched his home in Ukraine with the assistance of the Ukrainian authorities, Beccuau explained.

French investigators also identified one of the key figures behind "Bumblebee" and are pursuing that investigation in Armenia, alongside other investigative operations.

"Bumblebee", which is mainly distributed through phishing campaigns or compromised websites, is designed to enable the deployment and execution of further attacks.

"Trickbot" was notably used in ransomware attacks against hospitals and health centres in the US during the COVID-19 pandemic.

"We wanted to do this operation before the Olympic Games" in Paris this summer, Nicolas Guidoux, head of the judicial police's anti-cybercrime office (Ofac), which coordinated the operation on the French side, told AFP.

"It is important to weaken the attackers' infrastructure, to limit their means," ahead of a global event during which the authorities fear numerous cyberattacks, he continued.

Only after examining the servers that were taken offline will the authorities be able to give an estimate of the number of victims, he clarified. They are expected to number in the hundreds of thousands.

Operation “Endgame” is ongoing and more arrests are expected, Europol concluded.
