
Law enforcement agencies in the US and six other countries have been identifying customers of the Smokeloader pay-per-install botnet and have made five arrests, Europol announced.
The Smokeloader botnet was disrupted in May 2024 as part of Operation Endgame, which led to the destruction of the infrastructure of several malware droppers, including Bumblebee, IcedID, Pikabot, SystemBC, and Trickbot.
The botnet’s customers, Europol said on Wednesday, were registered in a database that was seized by law enforcement in May last year. This enabled follow-up actions against the botnet’s users, as authorities were able to link online personas with real-life individuals.
Several suspects called in for questioning cooperated with authorities and agreed to have their personal devices examined. Some of them resold services purchased from Smokeloader at a markup, Europol notes.
“Some of the suspects had assumed they were no longer on law enforcement’s radar, only to come to the harsh realization that they were still being targeted. Operation Endgame does not end today,” the European agency warned.
Law enforcement agencies in Canada, the Czech Republic, Denmark, France, Germany, the Netherlands, and the US participated in this effort and insist they will continue to track down suspected users of these and other botnets and will announce new actions on Operation Endgame’s dedicated website.
In September 2024, in partnership with Operation Endgame, the US Treasury sanctioned PM2BTC, UAPS, and Cryptex, three cryptocurrency exchanges associated with malicious activities, while the Dutch authorities seized web domains and/or infrastructure associated with them.
Two Russian nationals operating the exchanges, namely Sergey Sergeevich Ivanov and Timur Shakhmametov, were indicted in the US. Roughly a week later, Russian authorities arrested 96 suspects allegedly associated with the exchanges.