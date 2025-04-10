Network Security, Threat Intelligence

Operation Endgame follow-up cracks down on Smokeloader botnet

(Adobe Stock)

Europol has announced that malicious activity associated with the Smokeloader botnet has been further clamped down with the arrest of at least five individuals and the sequestration of servers in the continuation of last year's Operation Endgame, which resulted in the dismantling of the IcedID, Bumblebee, Trickbot, SystemBC, and Pikabot malware loaders, reports BleepingComputer.

Smokeloader which was operated by the threat actor "Superstar" and leveraged in ransomware and cryptominer launching intrusions had its customers uncovered after the examination of one of its databases seized during last year's law enforcement operation, according to Europol, which not only created a dedicated website for Operation Endgame but also issued animated videos detailing how Smokeloader's affiliates are being identified. Such a development comes months after half a dozen individuals involved in cyberattacks aimed at European Union member states' critical infrastructure were sanctioned by the European Council. Cryptocurrency exchanges PM2BTC and Cryptex used by Russian ransomware groups have also been subjected to sanctions by the U.S. Treasury Department.

