The Hague | November 13, 2025 | From November 10 to 13, 2025, a command post at Europol’s headquarters in The Hague buzzed with activity. Screens flickered with live intelligence feeds as officers from eight countries coordinated the takedown of multiple global cybercrime operations in real time.
Codenamed Operation Endgame, the joint effort involved Europol, Eurojust, and authorities from Australia, Belgium, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, the United Kingdom, and the United States. The mission: to dismantle the backbone of criminal infrastructures that enabled some of the world’s most damaging malware and ransomware campaigns.
By the end of the week, officials reported striking results — over 1,025 servers taken down, 20 domains seized, 11 locations searched, and one key suspect arrested in Greece.
“This operation marks another step forward in our collective fight against the ecosystem that fuels cybercrime,” said a Europol spokesperson. “It’s not just about malware, but the networks and services that make global cyberattacks possible.”
The Malware Triad: Rhadamanthys, VenomRAT, and Elysium
The targets of this phase of Operation Endgame represented some of the most pervasive digital threats active in the criminal underground.
Rhadamanthys, an information-stealing malware, harvested millions of credentials and personal details from infected systems across the world. Its operators reportedly had access to more than 100,000 cryptocurrency wallets, collectively worth millions of euros.
VenomRAT, a remote access trojan (RAT), enabled attackers to gain complete control over compromised computers. The alleged main operator behind VenomRAT was apprehended by Greek authorities earlier this month, in what officials described as a “high-impact arrest.”
The Elysium botnet functioned as an industrial-scale network of infected machines, rented out to cybercriminals to deploy further attacks. Its dismantling disrupted a vital infrastructure hub in the broader ransomware ecosystem.
Europol officials said the combined takedown not only removed immediate threats but also sent a clear signal to cybercriminals worldwide: “We’re coming for the enablers, not just the attackers.”
Inside Europol’s Command Post
At the heart of the operation was a temporary command post set up inside Europol’s high-security complex in The Hague. Over 100 law enforcement officers from multiple continents worked in sync, coordinating raids, digital forensics, and data seizures.
Using real-time crypto-tracing and forensic tools, officers identified compromised servers, coordinated arrests, and facilitated the transfer of seized data. Parallel judicial coordination by Eurojust ensured that European Arrest Warrants and cross-border data requests were executed seamlessly.
Private cybersecurity firms also played a critical supporting role. Organizations including CrowdStrike, Proofpoint, Spamhaus, Shadowserver, Bitdefender, HaveIBeenPwned, and Abuse.ch contributed technical intelligence and helped map the infected infrastructure.
“This collaboration between public agencies and private researchers is a model for the future,” said a senior official involved in the operation. “The scale of these networks demands a global response, not isolated enforcement.”
Beyond the Takedown: The Next Move
Despite the success of Operation Endgame, investigators cautioned that the battle against cybercrime is far from over. The dismantled infrastructure revealed the depth of interconnection among ransomware operators, infostealer groups, and dark web marketplaces.
Many victims of the infected networks, officials said, were unaware their computers had been compromised. Europol urged individuals and businesses to check whether their credentials had been exposed using official resources such as politie.nl/checkyourhack and haveibeenpwned.com.
In a symbolic statement on its website, Europol declared: “Endgame doesn’t end here — think about (y)our next move.”
For law enforcement agencies, that next move involves expanding their cyber capabilities, strengthening data-sharing frameworks, and continuing to target the enablers — the infrastructure providers, the money launderers, and the brokers who make cybercrime profitable.
As one investigator in The Hague summed up, “This was not just an operation; it was a message. The age of impunity in cybercrime is ending.”
