May 30, 2024

Massive Cybercrime Bust: Europol and US Authorities Dismantle $6bn Botnet

US and European authorities dismantled a massive botnet responsible for $6 billion in COVID-19 fraud, arresting key figures and seizing significant assets in a coordinated international effort.

US and European authorities have executed a major takedown of what they describe as the “world’s largest botnet,” responsible for nearly $6 billion in COVID-19 insurance fraud. This operation, dubbed "Endgame," marks a significant victory in the fight against cybercrime.

The US Department of Justice announced the arrest of YunHe Wang, a 35-year-old Chinese national, who allegedly orchestrated the botnet known as “911 S5.” Wang and his network are accused of spreading ransomware through infected emails from 2014 to 2022. Authorities seized luxury watches, over 20 properties, and a Ferrari linked to Wang, who allegedly amassed $99 million by licensing his malware to other criminals.

Wang faces severe charges, including conspiracy to commit computer fraud, wire fraud, and money laundering, which could result in up to 65 years in prison.

The coordinated action involved police forces from several countries including Germany, the Netherlands, France, Denmark, Ukraine, the United States, and the United Kingdom. Eurojust, the EU’s judicial cooperation agency, reported the arrest of four high-value suspects, the dismantling of over 100 servers, and the seizure of more than 2,000 internet domains.

Europol highlighted the substantial financial damage inflicted by the botnet on governments, companies, and individuals, with losses amounting to hundreds of millions of euros. Millions of people were also affected as their systems were hijacked to form part of these botnets.

The operation specifically targeted malware droppers like IcedID, Pikabot, Smokeloader, Bumblebee, and Trickbot, which spread ransomware and other malicious software through emails containing infected links or attachments.

This takedown follows previous significant operations, such as the dismantling of the Emotet botnet in 2021. Europol and other agencies emphasised that this is not the end of their efforts, promising further actions against cybercrime.

“This operation shows that you always leave tracks, nobody is unfindable, even online,” stated Stan Duijf of the Dutch national police, reinforcing the message that cybercriminals will be found and held accountable.
