Following the massive botnet takedown codenamed Operation Endgame in May 2024, which shut down the biggest malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee, law enforcement agencies across North America and Europe dealt another blow to the malware ecosystem in early 2025.
In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar’, faced consequences such as arrests, house searches, arrest warrants or ‘knock and talks’. Superstar used his botnet to run a pay-per-install service, enabling customers to gain access to victims’ machines. Customers used the service to deploy malware for their own criminal activities. Investigations revealed that botnet access was purchased for a range of purposes, including keylogging, webcam access, ransomware deployment, cryptomining and more.
Read more…
Source: Europol
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- US, UK crack down on Russian bulletproof hosting service ZServers for LockBit partnership
February 12, 2025
Russia-based bulletproof hosting services provider (BPH) ZServers has been sanctioned by the United States, Australia, and the United Kingdom for its alleged involvement with the LockBit ransomware group. In a press release, the Australian Federal Police (AFP) said ZServers was providing services to threat actors responsible for the Medibank Private breach that happened in October 2022. ...
- Thai-Swiss-US Operation Nets Hackers Behind 1,000+ Cyber Attacks
February 10, 2025
Thai police arrested four European hackers in Phuket who allegedly stole $16 million through ransomware attacks affecting over 1,000 victims worldwide. The suspects, wanted by Swiss and US authorities, were caught in coordinated raids across four locations. Officers from Cyber Crime Investigation Bureau, led by Police Lieutenant General Trairong Phiwphan, conducted “Operation PHOBOS AETOR” in Phuket ...
- U.K. orders Apple to let it spy on users’ encrypted accounts
February 7, 2025
Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post. The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not ...
- Tackling cybercrime: common challenges and legislative solutions identified by Europol and Eurojust
January 31, 2025
Published today, the latest joint report by Europol and Eurojust, Common Challenges in Cybercrime, explores the persistent and emerging issues that hinder cybercrime investigations. This year’s edition not only identifies key obstacles—particularly in the field of digital evidence—but also examines how new legislative measures could help address them. The report highlights several pressing challenges faced by ...
- Europol: Law enforcement takes down two largest cybercrime forums in the world
January 30, 2025
A Europol-supported operation, led by German authorities and involving law enforcement from eight countries, has led to the takedown of the two largest cybercrime forums in the world. The two platforms, Cracked and Nulled, had more than 10 million users in total. Both of these underground economy forums offered a quick entry point into the cybercrime ...
- 5 linked to cyber espionage ring arrested in Türkiye
January 27, 2025
Authorities arrested five people on cyber espionage charges through a software system uncovered thanks to information from the National Intelligence Organization (MIT), Turkish media reported Monday. An investigation led by the Chief Public Prosecutor’s Office in the capital, Ankara, discovered that a software program known as “Avatar” or “Adalet” (Turkish for “justice”), exclusively designed for attorneys, ...