Operation Endgame: Ukrainian, Western security services bust international hacking group

30 May 2024

International probe described by the FBI as the first of its kind results in several arrests and eight people being added to Europol’s most wanted list.

 

A transnational hacking group that broke into the internal networks of multinational companies and then sold that access to other hackers, including Russian groups, has been busted in the largest ever operation against botnets.

In a joint operation called "Endgame," Ukrainian, British, EU and American law enforcement agencies exposed a hacking group that was breaking into the internal networks of well-known companies and then selling access to other hackers, including Russian groups BlackBasta, REvil and Conti, Ukrainian security service SBU said in a statement.

The group had over 30 members based in eight European countries, including Ukraine. Members were developing and distributing malicious software, especially Pikabot, SystemBC, Bumblebee, Smokeloader and IcedID.

Hackers used the breach to steal confidential information and then demand ransom from Western corporations. The operation resulted in the arrest of four people, three in Ukraine and one in Armenia. A further eight have been added to Europe's most wanted list, Europol said in a statement.

“This is the largest ever operation against botnets, which play a major role in the deployment of ransomware. One of the main suspects has earned at least €69 million in cryptocurrency by renting out criminal infrastructure sites to deploy ransomware,” Europol added.

The FBI said the operation took down over 100 servers in the past three days to neutralize numerous malware variants.

"These malware services infected millions of computers and were responsible for attacks across the globe, including on health care facilities and critical infrastructure services," said FBI Director Christopher Wray.

"Relying on our unique authorities and in close collaboration with our partners in a dozen countries, the FBI used joint and sequenced actions to run a first-of-its-kind international operation and debilitate the criminal infrastructure of multiple malware services," he added.

The SBU was responsible for the Ukrainian part of the operation and conducted searches of suspect residences in Kyiv region and Zaporizhzhia. “At the same time, in eight countries of the European Union and North America, law enforcement officers seized more than 90 servers and blocked more than 1,000 domains used by hackers,” the SBU said.

Europol added that a virtual command post allowed real-time coordination between the Armenian, French, Portuguese, and Ukrainian officers deployed during field activities.

Politico

