Following the massive botnet takedown codenamed Operation Endgame in May 2024, which shut down the biggest malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee, law enforcement agencies across North America and Europe dealt another blow to the malware ecosystem in early 2025.
In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar’, faced consequences such as arrests, house searches, arrest warrants or ‘knock and talks’. Superstar used his botnet to run a pay-per-install service, enabling customers to gain access to victims’ machines. Customers used the service to deploy malware for their own criminal activities. Investigations revealed that botnet access was purchased for a range of purposes, including keylogging, webcam access, ransomware deployment, cryptomining and more.
Read more…
Source: Europol
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- U.S. to sanction crypto exchanges, wallets used by ransomware
September 17, 2021
The Biden administration is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware gangs to convert ransom payments into fiat money. With ransomware attacks against US interests and infrastructure escalating over the past two years, the White House has increased its efforts to disrupt ransomware operations Read more… Source: Bleeping Computer
- Former U.S. intel operatives to pay $1.6M for hacking for foreign govt
September 15, 2021
The U.S. government has entered a Deferred Prosecution Agreement (DPA) with three former intelligence operatives to resolve criminal charges relating to their offering of hacking services to a foreign government. Between 2016 and 2019, Marc Baier, Ryan Adams, and Daniel Gericke provided their services to a company that ran sophisticated hacking operations for the United Arab ...
- Ukrainian man extradited to the US to face botnet, data theft charges
September 10, 2021
A Ukrainian man was arrested in Poland and extradited to the US to face charges as an alleged botnet operator. The US Department of Justice (DoJ) said this week that Glib Oleksandr Ivanov-Tolpintsev was taken into custody in Korczowa, Poland, on October 3 last year. As the US and Poland have an extradition treaty, the 28-year-old was ...
- Ragnar Locker Gang Warns Victims Not to Call the FBI
September 7, 2021
All that the FBI/ransomware negotiators/investigators do is muck things up, so we’re going to publish your stuff if you call for help, the Ragnar Locker ransomware gang announced on its darknet data-leak site. In an announcement posted this week and seen by Bleeping Computer, the ransomware operators threatened to publish all the data of victimized organizations ...
- FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020
August 23, 2021
The Federal Bureau of Investigation (FBI) has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations since at least November 2020 as a ransomware affiliate. The US federal law enforcement agency shared indicators of compromise, tactics, techniques, and procedures (TTP), and mitigation measures in a flash alert published ...
- Secret terrorist watchlist with 2 million records exposed online
August 16, 2021
A secret terrorist watchlist with 1.9 million records, including classified “no-fly” records was exposed on the internet. The list was left accessible on an Elasticsearch cluster that had no password on it. In July this year, Security Discovery researcher Bob Diachenko came across a plethora of JSON records in an exposed Elasticsearch cluster that piqued his interest. Read ...