During an international action week taking place between 15 and 19 June, authorities succeeded in disrupting the infrastructure of various malware services. In total 326 servers and 142 domains were neutralised and 27 million compromised data sets were recovered.

Three malware variants with different functionalities were targeted and neutralised:

• SocGholish: allows unauthorised parties to gain access to computer systems by distributing fake browser updates via compromised websites. This access is then exploited for other crimes, such as installing ransomware for digital extortion.
• StealC: designed to extract sensitive information such as passwords and digital identities from compromised computers. The stolen data is then sold or used for further fraudulent activities.
• Amadey: malware spread through phishing campaigns, capable of introducing additional malware into compromised systems and retrieving sensitive data.

The action week is the latest result of sustained close cooperation between authorities worldwide under Operation Endgame. Since 2022, Eurojust has supported judicial authorities in exchanging information and synchronising actions. Prior to the action week, the Agency brought together all relevant authorities to plan the operation. During the action week, a communication channel was set up for judicial follow-up.

Europol provided operational coordination and facilitated seamless collaboration among law enforcement agencies from the participating countries. It ensured real-time information sharing, delivered analytical and technical support and conducted crosschecks on attribution, infrastructure, and financial investigations.

Operation EndGame targets the initial access malware used to infect devices. Cybercriminals use this malware as a gateway to silently infiltrate victims’ systems and steal sensitive data. By fighting the initial stage of the attack chain, the operation strikes at the heart of the entire ‘cybercrime as a service’ ecosystem.

The actions were carried out by the following authorities:

• Germany: German Federal Criminal Police Office; Public Prosecutors General's Office Frankfurt am Main - Cybercrime Office; German Federal Office for Information Security
• Denmark: Danish Prosecution Service; Danish Police
• France: Public Prosecution Office Paris Cybercrime Unit; Central Office Against Cybercriminality (OFAC)
• Netherlands: Netherlands Public Prosecution Service (National Office); Netherlands Police
• United Kingdom: National Crime Agency
• United States
• Canada