Operation Endgame takedown of Rhadamanthys, Venom RAT, and Elysium
Law Enforcement
Summary
Hide ▲
Show ▼
Authorities arrested the main Venom RAT suspect in Greece and disrupted Rhadamanthys Stealer, Venom RAT, and the Elysium botnet during Operation Endgame. The coordinated enforcement phase ran from November 10 to 13, 2025 and targeted criminal infrastructure used to support ransomware enablers worldwide. Officials said the operation took down more than 1,025 servers and seized 20 domains. The dismantled infrastructure contained hundreds of thousands of infected computers and several million stolen credentials.
Related Happenings
First VPN had assets seized in First VPN takedown
Law Enforcement
First: 21.05.2026 18:30
Last: 21.05.2026 18:30
Sources 1
About this happening:
Authorities **took down First VPN**, a **ransomware**-linked service used to hide cybercrime activity, in a coordinated action led by **France and the Netherlands**. The operation...
First VPN had assets seized in First VPN takedown
Law EnforcementAbout this happening: Authorities **took down First VPN**, a **ransomware**-linked service used to hide cybercrime activity, in a coordinated action led by **France and the Netherlands**. The operation...
First VPN takedown by Europol and French-Dutch authorities
Law Enforcement
First: 21.05.2026 16:09
Last: 21.05.2026 16:09
Sources 1
About this happening:
**Europol** and **French and Dutch authorities** took **First VPN** offline in a cross-border operation that also **seized servers** and **arrested the administrator**. The case m...
First VPN takedown by Europol and French-Dutch authorities
Law EnforcementAbout this happening: **Europol** and **French and Dutch authorities** took **First VPN** offline in a cross-border operation that also **seized servers** and **arrested the administrator**. The case m...
Gentlemen ransomware affiliate campaign expanding toolkit and infrastructure
Campaign
First: 20.04.2026 23:02
Last: 20.04.2026 23:02
Sources 1
About this happening:
The **Gentlemen ransomware** campaign has now been tied to a **ransomware attack on Oltenia Energy Complex** on the **second day of Christmas**, disrupting **ERP systems**, **docu...
Gentlemen ransomware affiliate campaign expanding toolkit and infrastructure
CampaignAbout this happening: The **Gentlemen ransomware** campaign has now been tied to a **ransomware attack on Oltenia Energy Complex** on the **second day of Christmas**, disrupting **ERP systems**, **docu...
Operation PowerOff DDoS-for-hire takedown
Law Enforcement
First: 17.04.2026 09:40
Last: 17.04.2026 09:40
Sources 1
About this happening:
Europol and partners in 21 countries carried out Operation PowerOff, disrupting a DDoS-for-hire/booter-service ecosystem. The coordinated action took down 53 domains, seized infra...
Operation PowerOff DDoS-for-hire takedown
Law EnforcementAbout this happening: Europol and partners in 21 countries carried out Operation PowerOff, disrupting a DDoS-for-hire/booter-service ecosystem. The coordinated action took down 53 domains, seized infra...
Latest development: 17.04.2026 14:30
Europol-led Operation PowerOff involved police and cybersecurity agencies from 21 countries and disrupted DDoS-for-hire infrastructure by taking down 53 domains, seizing databases linked to over three million criminal user accounts, removing over 100 advertising URLs, and arresting four people suspected of providing DDoS-for-hire services.
Operation PowerOFF DDoS-for-hire arrests and takedowns
Law Enforcement
First: 17.04.2026 01:26
Last: 17.04.2026 01:26
Sources 1
About this happening:
Authorities participating in Operation PowerOFF disrupted DDoS-for-hire and booter infrastructure across 21 countries, arresting four suspects and taking 53 domains offline. The a...
Operation PowerOFF DDoS-for-hire arrests and takedowns
Law EnforcementAbout this happening: Authorities participating in Operation PowerOFF disrupted DDoS-for-hire and booter infrastructure across 21 countries, arresting four suspects and taking 53 domains offline. The a...
Latest development: 17.04.2026 14:30
Europol-led Operation PowerOff involved police and cybersecurity agencies from 21 countries and disrupted DDoS-for-hire infrastructure by taking down 53 domains, seizing databases linked to over three million criminal user accounts, removing over 100 advertising URLs, and arresting four people suspected of providing DDoS-for-hire services.
Timeline
-
13.11.2025 13:16 1 articles · 6mo ago
Venom RAT suspect arrested in Greece
Legal Policy Action UpdateAuthorities arrested the main suspect behind Venom RAT in Greece on November 3, 2025, as part of the broader Operation Endgame effort against criminal infrastructure used to support ransomware enablers.
Show sources
- Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown — thehackernews.com — 13.11.2025 13:16
-
13.11.2025 13:16 2 articles · 6mo ago
Operation Endgame disruption and impact reported
Campaign Scope UpdateEuropol and Eurojust said Operation Endgame disrupted Rhadamanthys Stealer, Venom RAT, and the Elysium botnet during the November 10-13, 2025 enforcement window, taking down more than 1,025 servers and seizing 20 domains. Europol said the dismantled infrastructure covered hundreds of thousands of infected computers and several million stolen credentials, and that the main suspect behind the infostealer had access to 100,000 cryptocurrency wallets; Check Point also reported that the latest Rhadamanthys version added device and web browser fingerprint collection plus mechanisms to fly under the radar.
Show sources
- Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown — thehackernews.com — 13.11.2025 13:16
- Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown — thehackernews.com — 13.11.2025 13:16