NCA part of international op to destroy cyber crime services
Image courtesy NCA
EndgameDroppers are a type of malicious software which, when downloaded onto a victim’s system, allow criminals to bypass security measures and deploy additional harmful malware, including ransomware.
The activity was part of a coordinated international operation targeting dropper strains including Bumblebee, IcedID, Smokeloader and Pikabot, which were taken offline last month (w/c 27th May).
The operation was led by France, Germany and the Netherlands but also involved law enforcement partners in Denmark, Eurojust, Europol and the United States.
NCA cyber crime specialists mapped out the criminal infrastructure and shut down the servers of both IcedID, as part of wider US-led activity and Bumblebee, in activity which was led by the German authorities.
These particular droppers have been crucial in facilitating the most harmful cyber threats faced by the UK and across the world, causing several hundreds of millions in losses to governments and companies.
They were available to purchase on the dark web and were usually distributed to victims as attachments via mass spam email campaigns.
Anyone attempting to access the dropper sites will now be met with a law enforcement splash page, explaining that the network has been seized and is no longer available for use.
International partners have identified cyber criminals from across the dropper network, some of whom were involved in the development of the malware. They will be deanonymised over the coming months via a purpose-made domain, https://www.operation-endgame.com, as well as posted directly on to dark web cybercrime forums. In some cases, the targets have been emailed directly.
A total of four arrests were made across Armenia and Ukraine. Worldwide, over 100 servers were taken down or disrupted, and about 2,000 domain names are now under the control of law enforcement.
Paul Foster, Director of Threat Leadership at the National Crime Agency, said: “These droppers provided the building blocks for criminals to carry out serious cyber attacks, which have caused immense damage to victims in the UK and across the globe.
“Collaborative international investigations such as this are the most impactful way to disrupt the most harmful cyber criminals and degrade the tools and services which underpin their operations.
“I would urge any businesses that may have been a victim of cyber crime to come forward and report such incidents to law enforcement.”
