
Operation Endgame dismantles major cybercrime infrastructure

Ars Technica

Microsoft and Europol disclosed a coordinated takedown that crippled two major malware families used by organized crime. By invoking RICO statutes, prosecutors treated the overlapping tools as a single conspiracy, allowing law enforcement to dismantle more than 200 command‑and‑control servers and cut criminal control of over 18,000 infected machines. The disruption forces botnet operators to rebuild infrastructure, delaying future attacks.

The operation, dubbed Operation Endgame, also seized 27 million stolen login credentials and recovered roughly $47 million in crypto assets tied to the criminal network. Europol reported that 326 servers and 142 domains were seized, severely disrupting the distribution pipeline for the malware loader SocGholish, which has been linked to Russia’s Evil Corp. As part of the cleanup, victims whose data had leaked were notified and compromised sites were secured.

Partners such as ESET, Proofpoint, IBM X‑Force, Bitsight and Mitsui Bussan Secure Directions helped clean compromised WordPress sites and urged administrators to rotate credentials. Participants from Canada, Denmark, Germany, the Netherlands, the UK and the US executed the takedown, delivering a one‑two punch that raises the cost of operating a cyber‑crime assembly line. The strike shows that public‑private partnerships can outpace the ransomware gangs that steal credentials.