Following the massive botnet takedown codenamed Operation Endgame in May 2024, which shut down the biggest malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee, law enforcement agencies across North America and Europe dealt another blow to the malware ecosystem in early 2025.
In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar’, faced consequences such as arrests, house searches, arrest warrants or ‘knock and talks’. Superstar used his botnet to run a pay-per-install service, enabling customers to gain access to victims’ machines. Customers used the service to deploy malware for their own criminal activities. Investigations revealed that botnet access was purchased for a range of purposes, including keylogging, webcam access, ransomware deployment, cryptomining and more.
Read more…
Source: Europol
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- FBI Analyst Indicted for Theft of Osama bin Laden Threat Intel
May 24, 2021
An FBI analyst with top-secret security clearance illegally squirreled away national-security documents related to Osama bin Laden, al-Qaeda, cybersecurity and more in her home for years, the feds say. Kendra Kingsbury, who was working in the FBI’s Kansas City Division until being put on leave in December 2017, has been indicted by a federal grand jury ...
- FBI: Conti Ransomware Attacks Impact Healthcare and First Responder Networks
May 20, 2021
The FBI identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year. These healthcare and first responder networks are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the U.S. ...
- DarkSide ransomware servers reportedly seized, operation shuts down
May 14, 2021
The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. This news was shared by a threat actor known as ‘UNKN’, the public-facing representative of the rival REvil ransomware gang, in a forum post first discovered by Recorded Future researcher Dmitry ...
- FBI IC3 Logs 6 Million Complaints – Record Increase in Reporting Brings IC3 to New Milestone
May 14, 2021
It took nearly seven years for the FBI’s Internet Crime Complaint Center (IC3) to log its first million complaints. It took only 14 months to add the most recent million. The IC3 logged five million complaints on March 12, 2020, a few weeks before it marked its 20th anniversary. After a period of record reporting, the ...
- INTERPOL launches initiative to fight cybercrime in Africa
May 12, 2021
SINGAPORE – INTERPOL is creating a new cybercrime operations desk with UK funding to boost the capacity of 49 African countries to fight cybercrime. The Africa desk will help shape a regional strategy to drive intelligence-led coordinated actions against cybercriminals and support joint operations. Cybercrime is one of the most prolific forms of international crime, with damages ...
- US and Australia warn of escalating Avaddon ransomware attacks
May 10, 2021
The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations from an extensive array of sectors in the US and worldwide. The FBI said in a TLP:GREEN flash alert last week that Avaddon ransomware affiliates are trying to breach the networks of manufacturing, ...