
With evidence that the devices had overlapping infrastructure, company lawyers invoked the RICO statute that targets organized crime; the legal action was then able to treat both devices as part of the same conspiracy. As a result, Microsoft said, it disrupted more than 200 command-and-control servers and broke the criminals' control of more than 18,000 infected computers. Europol, which helped coordinate the law-enforcement part of the operation, said it recovered 27 million stolen login credentials and uncovered $47 million worth of “crypto assets of criminal origin.”
“During this operation, 326 servers and 142 domains were targeted by law enforcement and private sector partners, severely disrupting the malware’s distribution network,” Europol said. “By removing these tools together, collaboration between law enforcement and private parties has increased the friction for cybercriminals, making it harder for attacks to succeed, spread, or recover from.”
Other companies assisting in “Operation Endgame” include ESET, Proofpoint, IBM X-Force, BitSight and Mitsui Bussan Secure Directions.
Europol said another tool disrupted in Operation Endgame is SocGholish, a malware loader linked to the Russian cybercrime group Evil Corp that spreads through compromised websites. Visitors to these sites are tricked into installing Trojanized apps posing as browser extensions or other legitimate software. Europol said it responded by cleaning up infected WordPress sites and urging the sites’ administrators to change credentials and tighten security. It also notified parties whose data and credentials were exposed through SocGholish activity. Countries involved in the enforcement action include Canada, Denmark, Germany, the Netherlands, the UK and the US.