EuroJust, in partnership with Europol and law enforcement from ten countries, coordinated a major cybercrime operation named Operation Endgame, culminating in November 2025. This operation illustrates the EU’s strategic, cross-border approach to dismantling serious cybercriminal infrastructure responsible for malware distribution, particularly infostealers, Remote Access Trojans (RATs), and botnets.
Key Action Points:
- Coordinated International Effort: 10 countries participated (including Germany, France, Netherlands, Denmark, UK, US, Australia, and Canada), demonstrating strong judicial and law enforcement collaboration.
- Infrastructure Disruption: Authorities dismantled 1,025 servers and seized 20 criminal domain names, targeting infostealer and botnet networks that infected hundreds of thousands of computers globally.
- Arrest and Evidence Collection: The primary suspect linked to the VenomRAT was arrested in Greece, and authorities conducted 11 searches, seizing login data for over 100,000 cryptocurrency wallets.
- Operational Support: EuroJust enabled real-time judicial request handling and live communication between prosecutors; Europol provided analytic, forensic, and crypto-tracing support.
Infostealing Cybercrime Context:
Infostealing malware (like Rhadamanthys and VenomRAT) is designed to covertly extract sensitive information—such as passwords, banking credentials, email, messaging, and cryptocurrency wallet data—from victims’ devices. The stolen data is then used in secondary crimes including financial fraud and identity theft.
- Infostealers: Malicious programs deployed via phishing emails or fake antivirus pages that harvest data from browsers and apps. “Rhadamanthys” is a recent example sold as “malware-as-a-service.”
- Botnets: Networks of infected computers controlled remotely by criminals. Botnets enable large-scale data theft and facilitate further cyber-attacks.
- Remote Access Trojans (RATs): Tools that permit attackers to control compromised computers remotely. “VenomRAT” enabled full unauthorized access to victim systems.
EU Judicial Cooperation Model:
EuroJust acts as the central hub for legal coordination across member and partner states, enabling quick evidence sharing, synchronized enforcement timelines, and harmonized takedowns. This approach targets the cybercrime “kill chain” early—disrupting ransomware and data theft operations before further harm can occur.
Key Compliance and Regulatory Takeaways:
- Cross-Jurisdictional Action: Modern cybercrime often transcends national borders. EuroJust’s collaborative network streamlines investigations, arrests, and evidence handling.
- Public-Private Partnership: The operation involved cybersecurity firms as crucial partners, reflecting the need for industry expertise.
- Crypto Asset Seizure: The identification and seizure of illicitly obtained cryptocurrency highlights the evolution of financial crime enforcement into the digital asset realm.
- Focus on Prevention: By proactively shutting down malware infrastructure, authorities lowered risk exposure for millions of individuals and businesses worldwide.
Conclusion:
Operation Endgame marks an advanced example of coordinated EU and international cybercrime enforcement, targeting the core infrastructure behind modern infostealing and botnet attacks. The model employed by EuroJust demonstrates best practices in transnational compliance, regulatory synchronization, and public-private partnership—crucial elements for modern cybercrime response and prevention .
