Operation Endgame: Coordinated Worldwide Law Enforcement Action Against Network of Cybercriminals
The Federal Bureau of Investigation announces major worldwide disruption of malware in international cyber operation
The Federal Bureau of Investigation (FBI) announces Operation Endgame, a multinational coordinated cyber operation by the United States, Denmark, France, Germany, the Netherlands, and the United Kingdom, with assistance from Europol and Eurojust, to dismantle criminal infrastructure responsible for hundreds of millions of dollars in damages worldwide. Law enforcement in Ukraine, Portugal, Romania, Lithuania, Bulgaria, and Switzerland supported police actions to arrest or interview suspects, conduct searches, and seize or take down servers.
Beginning on May 28, 2024, the first coordinated international operation of its kind involved a dozen countries that conducted searches, questioned or arrested subjects, and took down or disrupted more than 100 servers to defeat multiple malware variants. The malware “droppers” and “loaders” were used to gain access to victim’s computers, either dropping ransomware or other malware used to collect and steal personal and financial login information.
“Operation Endgame demonstrates the FBI’s continued fight against cybercrime and malware-as-a-service models,” said FBI Director Christopher Wray. “Relying on our unique authorities and in close collaboration with our partners in a dozen countries, the FBI used joint and sequenced actions to run a first-of-its-kind international operation and debilitate the criminal infrastructure of multiple malware services. These malware services infected millions of computers and were responsible for attacks across the globe, including on health care facilities and critical infrastructure services. The fight against borderless cybercrime does not end here, and the FBI is committed to tackling this ever-evolving threat.”
As part of Operation Endgame, the FBI and international partners took various actions to neutralize the threat posed by at least four malware groups, including IcedID, Smokeloader, Pikabot, and Bumblebee. These malware groups have infected millions of computers and claimed countless victims around the world and throughout the United States, including a hospital network, which not only cost millions of dollars but alarmingly put people’s lives at risk due to the compromised critical care online system.
“The results of Operation Endgame are astounding and send a strong message to cyber criminals around the world. The FBI has special agents, computer scientists, forensic accountants, and other employees with an expertise in science and technology and the determination to attack cybercriminal networks no matter where they are located,” said Robert M. DeWitt, the FBI Charlotte special agent in charge. “We are proud of the critical role FBI employees from field offices across the country played in this massive international takedown.”
The FBI Charlotte, FBI Indianapolis, FBI Jacksonville, FBI Los Angeles, and FBI Cleveland Field Offices conducted the operation with close coordination and assistance from Defense Criminal Investigative Service, the United States Secret Service, the Danish National Police National Special Crime Unit, French National Police and National Gendarmerie, Germany’s Federal Criminal Police, Dutch National Police National Hi-Tech Crime Unit, Portugal’s Polícia Judiciária, Security Service of Ukraine, and United Kingdom’s National Crime Agency, with assistance from Europol and Eurojust.