Current Cyber Threats

Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown

Summary:
Operation Endgame is a joint international law enforcement effort to take down major cybercriminal infrastructures. The latest phase of Operation Endgame, which took place between November 10 and 13, 2025, was coordinated by Europol and Eurojust and involved law enforcement and judicial authorities from more than a dozen countries, including Australia, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, the U.K., and the U.S. With the support of cybersecurity firms such as Proofpoint, Bitdefender, CrowdStrike, and HaveIBeenPwned, law enforcement dismantled infrastructure belonging to three prominent malware families (Rhadamanthys Stealer, Venom RAT, and the Elysium botnet) that have been used to facilitate large-scale data theft and ransomware campaigns. As part of the latest coordinated operation, authorities arrested the main suspect behind Venom RAT in Greece, seized 20 domains, and took down more than 1,025 servers used to facilitate cyberattacks.

Security Officer Comments:
The dismantled malware infrastructure consisted of thousands of compromised computers and several million stolen credentials. Notably, Europol says that many of the victims were not aware that their systems were infected, highlighting the stealthy nature of these malware families and their ability to operate covertly. The investigation also revealed that the main suspect behind Rhadamanthys Stealer had access to over 100,000 crypto wallets belonging to victims. The total value of these crypto wallets is estimated to reach millions of euros.

Link(s):
https://thehackernews.com/2025/11/operation-endgame-dismantles.html