Law enforcement agencies in Europe and the United States have carried out two major operations this week targeting botnets, with the US Department of Justice claiming that one of the takedowns hit the world’s largest botnet ever. The US operation targeted a botnet that infected over 19 million IP addresses and was responsible for billions of dollars in fraud related to the pandemic and unemployment, as well as various other offenses, including child exploitation materials and export violations. YunHe Wang, a Chinese national and St. Kitts and Nevis citizen, was arrested for operating the 911 S5 botnet, which allowed cybercriminals to commit various crimes using proxied IP addresses to conceal their true locations.

Wray said that the 911 S5 botnet infected computers in nearly 200 countries and facilitated various computer-enabled crimes such as financial fraud, identity theft, and child exploitation. The operation led to the seizure of property owned by Wang, including luxury cars, bank accounts, cryptocurrency wallets, wristwatches, real estate properties, and domains. The scheme to sell access to millions of malware-infected computers enabled criminals to steal billions of dollars and engage in other illegal activities. Assistant Secretary Axelrod of the US Department of Commerce’s Bureau of Industry and Security described the alleged conduct as being ripped from a screenplay, showcasing the extent of criminal activities involved.

Europol’s Operation Endgame also targeted malware droppers including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot, leading to the arrest of ringleaders, dismantling of criminal infrastructure, and freezing of illegal proceeds. The operation focused on disrupting the activities of cybercriminals using various malware to execute attacks involving ransomware and other malicious software. Europe added eight fugitives to its Most Wanted list as part of the operation and continues to target individuals involved in cybercrime. SystemBC was utilized for secure communication between infected systems and command-and-control servers, while Bumblebee facilitated the delivery and execution of further malicious payloads on compromised systems.

SmokeLoader was used as a downloader to install additional malicious software on infected systems, while IcedID, initially categorized as a banking trojan, expanded its operations to include other crimes and financial data theft. Pikabot was a trojan used for gaining initial access to infected computers, enabling activities such as ransomware deployments, remote computer takeovers, and data theft. Europol notes that Operation Endgame is ongoing and that new actions will be announced as more suspects involved in cybercrime are targeted. The operation aims to disrupt the activities of cybercriminals using various malware to carry out illegal activities and generate profits through criminal means.

The takedown of these botnets represents a significant victory for law enforcement agencies in combating cybercrime and protecting individuals and organizations from malicious online activities. The operations led to the arrest of individuals involved in major cybercriminal activities and the dismantling of infrastructure used for committing various crimes. Law enforcement agencies continue to work together nationally and internationally to identify and disrupt cybercriminal networks, prevent future attacks, and hold perpetrators accountable for their actions. The success of these operations highlights the importance of collaboration between law enforcement agencies and the effectiveness of targeting botnets to prevent and combat cybercrime on a global scale.
