Authorities from Europe, the United States, and Canada have dismantled a major global malware infrastructure, taking down over 300 servers and issuing international arrest warrants for 20 suspects, according to Eurojust, the EU’s agency for criminal justice cooperation. This operation marks the latest phase of Operation Endgame, an international effort targeting cybercriminal networks.

The joint investigation brought together law enforcement from Germany, France, the Netherlands, Denmark, the United Kingdom, the United States, and Canada. Together, they targeted some of the most dangerous malware strains in circulation and the individuals responsible for spreading them. So far, more than three dozen suspects have been identified, with 20 facing criminal charges. In addition to shutting down hundreds of servers, the authorities neutralized 650 domains and seized €3.5 million (about S$5.12 million) in cryptocurrency. This builds on a previous milestone in May 2024, which had been the largest operation ever conducted against botnets. Overall, the operation has led to the seizure of €21.2 million since it began last year.

The malware targeted in this phase is known as "initial access malware." It allows attackers to stealthily breach systems and serve as a gateway for more harmful infections, including ransomware. Operation Endgame is ongoing, with further actions expected. Updates will be shared via the coalition’s official website. Meanwhile, several of the main suspects are now subject to public and international alerts, with German authorities planning to list 18 of them on the EU Most Wanted list as of Friday, May 23.