Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown

A major international law enforcement operation, dubbed Operation Endgame, has successfully disrupted several significant malware families, including Rhadamanthys Stealer, Venom RAT, and the Elysium botnet. This coordinated effort, led by Europol and Eurojust, took place from November 10 to 13, 2025, and represents the newest phase in a sustained campaign aimed at dismantling criminal cyber infrastructures and fighting ransomware facilitators around the globe. Authorities managed to take down over 1,025 servers and seized 20 domains connected to these cybercrime networks. Among the key breakthroughs was the arrest of the primary suspect behind the Venom RAT in Greece on November 3, a critical step in crippling the malware’s operational capabilities. Europol emphasized that the malware infrastructure affected hundreds of thousands of infected devices, harboring several million stolen credentials. Many victims remained unaware that their systems had been compromised, highlighting the stealthy nature of these threats. There remains some ambiguity regarding the Elysium botnet mentioned by Europol; it is yet to be confirmed whether it is the same proxy botnet service associated with the Rhadamanthys-linked threat actor known as RHAD Security or Mythical Origin Labs, who were reportedly advertising recently. Europol also revealed that the main suspect in possession of the infostealer had access to at least 100,000 cryptocurrency wallets, potentially representing millions of euros in losses for victims. Further analysis by cybersecurity firm Check Point showed that the latest iteration of Rhadamanthys had enhanced capabilities, including the collection of device and web browser fingerprints, plus new features designed to evade detection. This technological advancement made Rhadamanthys particularly challenging to detect and mitigate, underscoring why coordinated law enforcement action was necessary. The operation saw collaboration from agencies across various countries, including Australia, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, and the United States, illustrating the global scale and complexity of cybercrime. The takedown of these malicious infrastructures marks a significant blow to the operators behind these malware families, disrupting their ability to steal data, facilitate ransomware attacks, and extort victims worldwide. While the immediate impact has been a major disruption to these cybercriminal networks, the long-term effects remain to be seen, especially regarding the resilience and adaptability of such cyber threats. Operation Endgame's success highlights the importance of international cooperation in combating cross-border cybercrime. Authorities continue to monitor the situation closely, and updates will be provided as this story develops.