November 2025 — The FBI, working alongside international law enforcement agencies, has successfully dismantled a network of cybercriminal tools including an infostealer, remote access trojan, and botnet as part of Operation Endgame. This marks the third large‑scale action under the initiative, which was launched to disrupt criminal infrastructure fueling ransomware attacks worldwide.
Scope of the Operation
- 1,025 servers taken offline.
- 20 domains seized.
- One suspect arrested in Greece.
- Targeted malware included the Rhadamanthys infostealer, VenomRAT, and the Elysium botnet, all widely used by cybercriminals to steal data, gain remote access, and launch ransomware campaigns.
International Collaboration
The operation was conducted in partnership with authorities from Australia, Belgium, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, and the United Kingdom. This coordinated effort underscores the growing importance of cross‑border cooperation in tackling cybercrime, which often exploits global networks and infrastructure.
Strategic Importance
By dismantling these systems, law enforcement agencies have struck at the core services cybercriminals rely on, significantly disrupting their ability to operate. Officials emphasized that the takedown is part of a broader strategy to defend national security and protect businesses and individuals worldwide from ransomware and data theft.
Outlook
Operation Endgame continues to target criminal infrastructure at scale, with further actions expected as global partners intensify efforts against ransomware networks. The FBI noted that the initiative demonstrates how international collaboration can deliver decisive blows against cybercrime, safeguarding digital ecosystems and reinforcing trust in global cybersecurity.
FBI Headquarters – J. Edgar Hoover Building, Washington, DC Picture by ajay_suresh
