Europol’s Operation ENDGAME Strikes At Heart Of Cybercrime’s Botnet Universe
Europol and Partners Take Down Another Major Botnet Cybercrime Organization
Primary Category: Cybercrime
Authors:
• SCARS Editorial Team – Society of Citizens Against Relationship Scams Inc.
• Europol
About This Article
Europol’s largest-ever operation against botnets, dubbed Operation Endgame, targeted malware droppers like IcedID, SystemBC, Pikabot, Smokeloader, and Bumblebee. Coordinated from Europol’s headquarters between May 27 and 29, 2024, the operation aimed to disrupt criminal services by arresting high-value targets, taking down criminal infrastructures, and freezing illegal proceeds.
The multinational effort, involving countries such as France, Germany, the Netherlands, and the United States, led to four arrests, 16 location searches, and the takedown of over 100 servers. This operation, supported by Eurojust and various private partners, addressed the complex challenge of international cybercrime, highlighting the critical role of botnets in deploying ransomware.
Despite the successes, the fight against cybercrime continues, with ongoing efforts to apprehend remaining suspects and dismantle criminal networks.

Europol’s Largest Ever Operation Against Botnets Hits Dropper Malware Ecosystem – Massive Multinational Law Enforcement Operation Stikes Deep Into Cybercriminality
The Europol-led international operation shut down botnets supporting malware Droppers including IcedID, SystemBC, Pikabot, Smokeloader, and Bumblebee leading to four arrests and the takedown of over 100 servers worldwide
Operation Endgame
Between 27 and 29 May 2024 the Europol Operation Endgame, coordinated from Europol’s headquarters, targeted droppers including, IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. The actions focused on disrupting criminal services by arresting High-Value Targets, taking down criminal infrastructures, and freezing illegal proceeds. This approach had a global impact on the dropper ecosystem. The malware, whose infrastructure was taken down during the action days, facilitated attacks with ransomware and other malicious software. Following the action days, eight fugitives linked to these criminal activities, wanted by Germany, will be added to Europe’s Most Wanted list on 30 May 2024. The individuals are wanted for their involvement in serious cybercrime activities.
This is the largest-ever operation against botnets, which play a major role in the deployment of ransomware. The operation, initiated and led by France, Germany, and the Netherlands was also supported by Eurojust and involved Denmark, the United Kingdom, and the United States. In addition, Armenia, Bulgaria, Lithuania, Portugal, Romania, Switzerland, and Ukraine also supported the operation with different actions, such as arrests, interviewing suspects, searches, and seizures or takedowns of servers and domains. The operation was also supported by a number of private partners at national and international levels including Bitdefender, Cryptolaemus, Sekoia, Shadowserver, Team Cymru, Prodaft, Proofpoint, NFIR, Computest, Northwave, Fox-IT, HaveIBeenPwned, Spamhaus and DIVD.
The Coordinated Actions Led To:
- 4 arrests (1 in Armenia and 3 in Ukraine)
- 16 location searches (1 in Armenia, 1 in the Netherlands, 3 in Portugal, and 11 in Ukraine)
- Over 100 servers were taken down or disrupted in Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, the United Kingdom, the United States, and Ukraine
- Over 2,000 domains under the control of law enforcement
Furthermore, it has been discovered through the investigations so far that one of the main suspects has earned at least EUR 69 million in cryptocurrency by renting out criminal infrastructure sites to deploy ransomware. The suspect’s transactions are constantly being monitored and legal permission to seize these assets upon future actions has already been obtained.
What is a Dropper and How Does It Work?
Malware droppers are a type of malicious software designed to install other malware onto a target system. They are used during the first stage of a malware attack, during which they allow criminals to bypass security measures and deploy additional harmful programs, such as viruses, ransomware, or spyware. Droppers themselves do not usually cause direct damage but are crucial for accessing and implementing harmful software on the affected systems.
SystemBC facilitated anonymous communication between an infected system and command-and-control servers. Bumblebee, distributed mainly via phishing campaigns or compromised websites, was designed to enable the delivery and execution of further payloads on compromised systems. SmokeLoader was primarily used as a downloader to install additional malicious software onto the systems it infects. IcedID (also known as BokBot), initially categorized as a banking trojan, had been further developed to serve other cybercrimes in addition to the theft of financial data. Pikabot is a trojan used to get initial access to infected computers which enables ransomware deployments, remote computer take-over, and data theft. All of them are now being used to deploy ransomware and are seen as the main threat in the infection chain.
Malware Droppers’ Operation Phases
Infiltration: Droppers can enter systems through various channels, such as email attachments, and compromised websites, they can also be bundled with legitimate software.
Execution: Once executed, the dropper installs the additional malware onto the victim’s computer. This installation often occurs without the user’s knowledge or consent.
Evasion: Droppers are designed to avoid detection by security software. They may use methods like obfuscating their code, running in memory without saving to disk, or impersonating legitimate software processes.
Payload Delivery: After deploying the additional malware, the dropper may either remain inactive or remove itself to evade detection, leaving the payload to carry out the intended malicious activities.
Endgame Doesn’t End Here
Operation Endgame does not end today. New actions will be announced on the website Operation Endgame. In addition, suspects involved in these and other botnets, who have not yet been arrested, will be directly called to account for their actions. Suspects and witnesses will find information on how to reach out via this website.
Command Post at Europol to Coordinate the Operational Actions
Europol facilitated the information exchange and provided analytical, crypto-tracing, and forensic support to the investigation. To support the coordination of the operation, Europol organized more than 50 coordination calls with all the countries as well as an operational sprint at its headquarters.
Over 20 law enforcement officers from Denmark, France, Germany, and the United States supported the coordination of the operational actions from the command post at Europol and hundreds of other officers from the different countries involved in the actions. In addition, a virtual command post allowed real-time coordination between the Armenian, French, Portuguese, and Ukrainian officers deployed on the spot during the field activities.
The command post at Europol facilitated the exchange of intelligence on seized servers, suspects, and the transfer of seized data. Local command posts were also set up in Germany, the Netherlands, Portugal, the United States, and Ukraine. Eurojust supported the action by setting up a coordination center at its headquarters to facilitate judicial cooperation between all authorities involved. Eurojust also assisted with the execution of European Arrest Warrants and European Investigation Orders.
National Authorities at the Core of Operation Endgame
EU Member States:
- Denmark: Danish Police (Politi)
- France: National Gendarmerie (Gendarmerie Nationale) and National Police (Police Nationale); Public Prosecutor Office JUNALCO (National Jurisdiction against Organised Crime) Cybercrime Unit; Paris Judicial Police (Préfecture De Police de Paris)
- Germany: Federal Criminal Police Office (Bundeskriminalamt), Prosecutor General’s Office Frankfurt am Main – Cyber Crime Center
- Netherlands: National Police (Politie), Public Prosecution Office (Openbaar Ministerie)
Non-EU Member States:
- The United Kingdom: National Crime Agency
- The United States: Federal Bureau of Investigation, United States Secret Service, The Defense Criminal Investigative Service, United States Department of Justice
Please Rate This Article
Please Leave Us Your Comment
Also, tell us of any topics we might have missed.
Thank you for your comment. You may receive an email to follow up. We never share your data with marketers.
-/ 30 /-
What do you think about this?
Please share your thoughts in a comment above!
More Cybercrime Related Information:
- 911 S5 Botnet Dismantled – Another Major Botnet Taken Down By Law Enforcement – 2024 (scamsnow.com)
- Qakbot Botnet Infrastructure Shattered After An International Operation Led By FBI/Europol Takes It Down (scamsnow.com)
- Global Law Enforcement Collaboration Takes Down ‘LabHost’ Phishing-As-A-Service Platform – 2024 (scamsnow.com)
- EUROPOL Action Against European Money Laundering Operations – 2024 (scamsnow.com)
- LockBit Ransomware Shut Down By Combined Global Law Enforcement – 2024 (scamsnow.com)
- Ransomware – Ukraine Gets Serious About Combatting Homegrown Cybercrime 2023 (scamsnow.com)
- Ragnar Locker Ransomware Gang Taken Down 2023 (scamsnow.com)
- INTERPOL Identified Networks Linked to Financial Losses of More Than USD $40 Million (scamsnow.com)
- Cybercriminals Operating Major Ransomware Hosting Service Arrested In Poland (scamsnow.com)
-/ 30 /-
What do you think about this?
Please share your thoughts in a comment above!
SCARS LINKS: AgainstScams.org RomanceScamsNOW.com ContraEstafas.org ScammerPhotos.com Anyscam.com ScamsNOW.com
reporting.AgainstScams.org support.AgainstScams.org membership.AgainstScams.org donate.AgainstScams.org shop.AgainstScams.org
youtube.AgainstScams.org linkedin.AgainstScams.org facebook.AgainstScams.org
ARTICLE RATING
TABLE OF CONTENTS
CATEGORIES
MOST POPULAR COMMENTED ARTICLES
POPULAR ARTICLES
U.S. & Canada Suicide Lifeline 988
![NavyLogo@4x-81[1] Europol's Operation ENDGAME Strikes At Heart Of Cybercrime's Botnet Universe - 2024](https://scamsnow.com/wp-content/uploads/2025/04/NavyLogo@4x-811.png)
ARTICLE META
WHAT PEOPLE ARE TALKING ABOUT LATEST SITE COMMENTS
See Comments for this Article at the Bottom of the Page
on Scam Victims Compliance With Scammer Authority Figures – 2024: “Interesting read, further explains the tactics scammers will use against you.” Aug 10, 16:34
on Scam Victims In The RAIN – A Mindfulness Approach For Recovery – 2024 [UPDATED 2025]: “This technique will be helpful for me. So often I push my feelings down or “push” them behind me and…” Aug 7, 15:31
on The Tao – The Philosophy of the Path to Recovery: “Thank you for a glimpse into this method of healing and mindfulness. At the present I work with my trauma…” Aug 7, 15:18
on The Value of Slowness: “What we really need to face in this online digital world is that so much of it is false. And…” Aug 7, 15:08
on Overconfidence And Scam Victims Susceptibility To Scams – 2024 [UPDATED]: “This website really has all the information and facts I wanted about this subject and didn’t know who to ask.” Aug 3, 10:23
on A Scam Victim in Extreme Distress – Stopping the Pain – 2024: “this post really clarified a lot of things for me, and heled me to understand , there is a lot…” Aug 1, 07:31
on Glimmers of Light – the Positive Side of Experience for Scam Victims – 2025: “Very useful /helpful article for victims suffering from trauma not only of all types” Jul 31, 02:47
on Relationship Scam Victims – Impact On Employment And Jobs – Saving Employment After A Scam: “Trauma, fear of shame, grief can alter how we handle day to day situations such as work or caring for…” Jul 31, 02:08
on Fear Of Contagion: Why Scam Victims Are Harshly Judged And Blamed 2023: “This comment stems from a re-read of this article. I first read it several months ago. I understand that others…” Jul 31, 01:28
on WARNING – Scam Victims Exploited By The News Media – 2024 [UPDATED 2025]: “The article highlights some important information for victims who after years of recovery/support feel “ready” to talk to the media…” Jul 28, 18:54
on WARNING – Scam Victims Exploited By The News Media – 2024 [UPDATED 2025]: “Thank you for this explanation of the potential added on trauma a survivor could be exposed to. Definitely not worth…” Jul 21, 17:13
on Acknowledging The Harm Done – 2025: “Well written article explaining the harm done and why it is necessary to acknowledge it. In part it helped me…” Jul 21, 16:57
on Dear Scam Victim Family & Friends – You Are Also Scam Victims – 2024: “A scam is hard on everyone who loves and cares for the victim. The survivor goes through a lot to…” Jul 21, 14:04
on A Scam Victim in Extreme Distress – Stopping the Pain – 2024: “Jina, we redacted your comments since they do not comply with our policies. However, this does not invalidate what happened…” Jul 20, 21:45
on Waiting to See if Someone is Real – Take a Pause First – 2025: “The pause remains important…actually now the pause is critical. There is nothing, not a financial gain, an item, a meeting,…” Jul 20, 19:55
on Hate for Scammers and Criminals Feels So Good But is So Bad for Scam Victims – 2025: “I struggled for months with forgiveness. Forgiving myself and the criminals. About two months ago I prayed and forgave the…” Jul 20, 16:24
on The Paradox of Pain – 2025: “This is a great article and holds significance for me. Initially after my crime I felt such pain. It would…” Jul 20, 12:19
on A Scam Victim in Extreme Distress – Stopping the Pain – 2024: “[REDACTED FOR POLICY REASONS]” Jul 20, 11:40
on The Unique Injury Of Betrayal Trauma On Scam Victims – 2024: “It will come as recovery progresses, but stopping and then restarting recovery after years makes it harder. Just keep learning…” Jul 19, 21:10
on Waiting to See if Someone is Real – Take a Pause First – 2025: “Very valuable information for all /including myself/ who still struggle with their own impulsive reactions.” Jul 19, 06:21
Important Information for New Scam Victims
Please visit www.ScamVictimsSupport.org – a SCARS Website for New Scam Victims & Sextortion Victims
SCARS Institute now offers a free recovery program at www.SCARSeducation.org
Please visit www.ScamPsychology.org – to more fully understand the psychological concepts involved in scams and scam victim recovery
If you are looking for local trauma counselors, please visit counseling.AgainstScams.org
If you need to speak with someone now, you can dial 988 or find phone numbers for crisis hotlines all around the world here: www.opencounseling.com/suicide-hotlines
Statement About Victim Blaming
Some of our articles discuss various aspects of victims. This is both about better understanding victims (the science of victimology) and their behaviors and psychology. This helps us to educate victims/survivors about why these crimes happened and not to blame themselves, better develop recovery programs, and help victims avoid scams in the future. At times, this may sound like blaming the victim, but it does not blame scam victims; we are simply explaining the hows and whys of the experience victims have.
These articles, about the Psychology of Scams or Victim Psychology – meaning that all humans have psychological or cognitive characteristics in common that can either be exploited or work against us – help us all to understand the unique challenges victims face before, during, and after scams, fraud, or cybercrimes. These sometimes talk about some of the vulnerabilities the scammers exploit. Victims rarely have control of them or are even aware of them, until something like a scam happens, and then they can learn how their mind works and how to overcome these mechanisms.
Articles like these help victims and others understand these processes and how to help prevent them from being exploited again or to help them recover more easily by understanding their post-scam behaviors. Learn more about the Psychology of Scams at www.ScamPsychology.org
SCARS INSTITUTE RESOURCES:
If You Have Been Victimized By A Scam Or Cybercrime
♦ If you are a victim of scams, go to www.ScamVictimsSupport.org for real knowledge and help
♦ Enroll in SCARS Scam Survivor’s School now at www.SCARSeducation.org
♦ To report criminals, visit https://reporting.AgainstScams.org – we will NEVER give your data to money recovery companies like some do!
♦ Follow us and find our podcasts, webinars, and helpful videos on YouTube: https://www.youtube.com/@RomancescamsNowcom
♦ Learn about the Psychology of Scams at www.ScamPsychology.org
♦ Dig deeper into the reality of scams, fraud, and cybercrime at www.ScamsNOW.com and www.RomanceScamsNOW.com
♦ Scam Survivor’s Stories: www.ScamSurvivorStories.org
♦ For Scam Victim Advocates visit www.ScamVictimsAdvocates.org
♦ See more scammer photos on www.ScammerPhotos.com
You can also find the SCARS Institute on Facebook, Instagram, X, LinkedIn, and TruthSocial
Psychology Disclaimer:
All articles about psychology and the human brain on this website are for information & education only
The information provided in this and other SCARS articles are intended for educational and self-help purposes only and should not be construed as a substitute for professional therapy or counseling.
Note about Mindfulness: Mindfulness practices have the potential to create psychological distress for some individuals. Please consult a mental health professional or experienced meditation instructor for guidance should you encounter difficulties.
While any self-help techniques outlined herein may be beneficial for scam victims seeking to recover from their experience and move towards recovery, it is important to consult with a qualified mental health professional before initiating any course of action. Each individual’s experience and needs are unique, and what works for one person may not be suitable for another.
Additionally, any approach may not be appropriate for individuals with certain pre-existing mental health conditions or trauma histories. It is advisable to seek guidance from a licensed therapist or counselor who can provide personalized support, guidance, and treatment tailored to your specific needs.
If you are experiencing significant distress or emotional difficulties related to a scam or other traumatic event, please consult your doctor or mental health provider for appropriate care and support.
Also read our SCARS Institute Statement about Professional Care for Scam Victims – click here
If you are in crisis, feeling desperate, or in despair, please call 988 or your local crisis hotline.
More ScamsNOW.com Articles
A Question of Trust
At the SCARS Institute, we invite you to do your own research on the topics we speak about and publish. Our team investigates the subject being discussed, especially when it comes to understanding the scam victims-survivors’ experience. You can do Google searches, but in many cases, you will have to wade through scientific papers and studies. However, remember that biases and perspectives matter and influence the outcome. Regardless, we encourage you to explore these topics as thoroughly as you can for your own awareness.
Leave a Reply