With evidence that the tools had overlapping infrastructure, company attorneys invoked RICO statutes that focus on organized crime; the legal motion could then treat each tool as part of a single conspiracy. As a result, Microsoft said, it disrupted more than 200 command-and-control servers and severed criminal control of more than 18,000 infected computers. Europol, which helped coordinate the law-enforcement part of the operation, said it recovered as many as 27 million stolen login credentials and uncovered $47 million worth of “crypto assets of criminal origin.”
“During this motion, 326 servers and 142 domains were actioned by law enforcement and the private sector partners, severely crippling the malware’s distribution network,” Europol said. “By taking down these tools concurrently, the collaboration between law enforcement and personal parties has increased friction for cybercriminals, making it harder for attacks to succeed, spread, or recuperate.”
Other corporations assisting in “Operation Endgame” include ESET, Proofpoint and IBM X-Force, Bitsight, and Mitsui Bussan Secure Directions.
Europol said that another tool disrupted in Operation Endgame is SocGholish, a malware loader that is linked to the Russian cybercrime group Evil Corp. and spreads through compromised websites. Visitors to those sites are tricked into installing trojanized apps posing as browser extensions or other legitimate software. Europol said it has responded by cleaning infected WordPress sites and urging the sites' administrators to change credentials and tighten security. It has also worked to notify parties whose data and credentials were exposed through SocGholish activities. Countries involved in the enforcement action include Canada, Denmark, Germany, the Netherlands, the UK, and the US.

