Tracking & Law Enforcement

1,000+ Servers Hit in Law Enforcement Takedown of Rhadamanthys, VenomRAT, Elysium

An individual believed to have been involved in the operation of VenomRAT was arrested recently in Greece.

Website seized in Operation Endgame 3.0

A major international law enforcement operation has dealt a significant blow to cybercrime activities involving the Rhadamanthys infostealer, the VenomRAT remote access trojan, and the Elysium botnet, Europol announced on Thursday.

The action, part of the long-running Operation Endgame, involved authorities in the United States, Australia, Canada, and eight European countries, as well as several cybersecurity companies and non-profit organizations. 

The latest takedown efforts, dubbed Operation Endgame 3.0, have targeted Rhadamanthys, VenomRAT, and Elysium, which authorities have described as “three large cybercrime enablers”.

Law enforcement searched 11 locations in Germany, Greece, and the Netherlands. One individual was arrested in Greece over his alleged role in the operation of the VenomRAT malware. 

On the technical side, 20 domains were seized and more than 1,000 servers worldwide were disrupted or taken down. 

“The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials,” Europol said. “Many of the victims were not aware of the infection of their systems. The main suspect behind the infostealer had access to over 100 000 crypto wallets belonging to these victims, potentially worth millions of euros.” 

Advertisement. Scroll to continue reading.

[ Read: Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime ]

Police identified more than 2 million compromised email addresses and 7.4 million passwords, which have been shared with the data breach notification service Have I Been Pwned to enable users to check whether they are impacted by the cybercrime operations. 

According to The Shadowserver Foundation, one of the non-profits involved in Operation Endgame 3.0, Rhadamanthys has been “one of the leading infostealers”. Shadowserver has shared some data on Rhadamanthys infections around the world. 

Related: Interpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims Notified

Related: Counter Antivirus Service AVCheck Shut Down by Law Enforcement

Related: TrickBot and Other Malware Droppers Disrupted by Law Enforcement

Related Content

Cybercrime

Hundreds of C&C servers were disrupted in an operation involving law enforcement and several cybersecurity companies.

Malware & Threats

Law enforcement and private partners took down 106 SocGholish C&C servers and domains as part of Operation Endgame.

Government

The 13 websites purported to be affiliated with consulting companies that advertised job openings for current and former holders of security clearances

Identity & Access

As attackers increasingly favor stolen credentials over exploits, infostealers have become a primary source of access for ransomware and other cybercrime operations.

Cybercrime

Law enforcement and tech companies disrupted infrastructure linked to scammers operating across Southeast Asia.

Cybercrime

Dutch authorities seized command-and-control servers tied to a botnet of infected computers, smartphones, and tablets that was allegedly used to power a residential proxy...

Malware & Threats

Security firms took down all four command-and-control (C&C) channels used by the GlassWorm malware.

Cybercrime

The two own Dutch companies that allegedly provided bulletproof hosting services to Russia-aligned threat actors.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version