Worldwide Take-Down Disrupts Major Malware Ecosystems
November 20, 2025
Ravie Lakshmanan of The Hacker News reports that Europol and Eurojust coordinated a worldwide take-down targeting major malware infrastructures. Operations linked to Rhadamanthys Stealer, Venom RAT, and the Elysium botnet were disrupted.
The raids were conducted between November 10 and 13, 2025. The enforcement phase formed part of Operation Endgame, an initiative aimed at dismantling systems that enable large-scale cybercrime. Authorities reported extensive infrastructure seizures and arrests, presenting a rare instance in which multiple high-volume threat ecosystems were simultaneously disrupted.
Background reporting from Europol described a broad set of compromised systems, noting that infected devices contained large volumes of stolen credentials.
Authorities also confirmed the removal of more than 1,025 servers and the seizure of 20 domains. Europol stated that victims often remained unaware of ongoing infections within their systems.
One individual linked to Venom RAT was arrested in Greece.
Separate reports described Elysium as a proxy botnet associated with broader services previously advertised by groups connected to Rhadamanthys. Additional analyses by private researchers have documented the evolving capabilities in recent versions of the infostealer, including expanded fingerprinting features and stealth mechanisms.
Enforcement partners also cited large-scale infection metrics, noting hundreds of thousands of affected systems across numerous countries.
The operation provides legal teams with insight into how multinational coordination can shape expectations regarding cyber incident response, infrastructure monitoring, and cross-border evidence handling. The scale of the disruption raises questions about the obligation to investigate potential secondary infections where malware families may have coexisted.
It also points to the need for careful attention to law enforcement notifications. These may impose immediate preservation duties. They may also inform assessments of regulatory exposure and remediation timelines within affected organizations operating across diverse jurisdictions.