Between 27 and 29 May 2024, Operation Endgame, coordinated from Europol’s headquarters, targeted droppers including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. The actions focused on disrupting criminal services by arresting High-Value Targets, taking down criminal infrastructures, and freezing illegal proceeds.
This approach had a global impact on the dropper ecosystem. The malware, whose infrastructure was taken down during the action days, facilitated attacks with ransomware and other malicious software. Following the action days, eight fugitives linked to these criminal activities, wanted by Germany, will be added to Europe’s Most Wanted list on 30 May 2024. The individuals are wanted for their involvement in serious cybercrime activities.
This is the largest-ever operation against botnets, which play a major role in the deployment of ransomware. The operation, initiated and led by France, Germany, and the Netherlands, was also supported by Eurojust and involved Denmark, the United Kingdom, and the United States.
In addition, Armenia, Bulgaria, Lithuania, Portugal, Romania, Switzerland, and Ukraine also supported the operation with different actions, such as arrests, interviewing suspects, searches, and seizures or takedowns of servers and domains. Several private partners at the national and international level including Bitdefender, Cryptolaemus, Sekoia, Shadowserver, Team Cymru, Prodaft, Proofpoint, NFIR, Computest, Northwave, Fox-IT, HaveIBeenPwned, Spamhaus, DIVD, abuse.ch and Zscaler also supported the operation.
The coordinated actions led to 4 arrests (1 in Armenia and 3 in Ukraine), 16 location searches, over 100 servers taken down or disrupted in Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, the United Kingdom, the United States, and Ukraine, and brought over 2 000 domains under the control of law enforcement. Furthermore, it has been discovered through the investigations so far that one of the main suspects has earned at least €69 million in cryptocurrency by renting out criminal infrastructure sites to deploy ransomware. The suspect’s transactions are constantly being monitored and legal permission to seize these assets upon future actions has already been obtained.
Europol facilitated the information exchange and provided analytical, crypto-tracing, and forensic support to the investigation. To support the coordination of the operation, Europol organized more than 50 coordination calls with all the countries as well as an operational sprint at its headquarters. Over 20 law enforcement officers from Denmark, France, Germany, and the United States supported the coordination of the operational actions from the command post at Europol, and hundreds of other officers from the different countries involved took part in the actions. In addition, a virtual command post allowed real-time coordination between the Armenian, French, Portuguese, and Ukrainian officers deployed on the spot during the field activities.