OPERATION ENDGAME DIVD-2024-00019

As part of Operation Endgame, the Dutch Police and Europol have infiltrated a number of botnets, including at least Smokeloader, IcedID, Pikabot, SystemBC, and Bumblebee. During this infiltration they obtained data about the victims of these botnets. DIVD is providing victim notification for civilians.

This data has been shared with us and various other parties like Have I Been Pwned, Spamhaus, Project No More Leaks, the (Dutch) NCSC, CSIRT-DSP and Digital Trust Center.

The data we have received consists of the following data sets:

  1. Email credentials, either SMTP or IMAP credentials
  2. ADFS credentials consisting of AD-domain and login credentials
  3. Unlabelled individual (email) account credentials.


RECOMMENDATIONS

If you received a notification from us, members of your organisation or your customers had their password stolen or system infected by a botnet. Detailed recommendations are found here: https://csirt.divd.nl/cases/DIVD-2024-00019


WHAT YOU CAN DO

What you can do depends on who you are and the type of data the police found. To keep this main case page brief, we have created separate pages with recommendations for your situation.

Check our CSIRT website case here: https://csirt.divd.nl/cases/DIVD-2024-00019


WHAT WE ARE DOING

We have received the discovered data from the police and are sending out notifications to individuals and organizations that have fallen victim to compromise. To do this effectively, we are in close cooperation with the Dutch National Police as well as the NCSC, CSIRT-DSP and DTC.

PRESS RELEASES

Press release Dutch National Police: https://www.politie.nl/nieuws/2024/mei/30/11-meerdere-botnets-ontmanteld-in-grootste-internationale-operatie-tegen-ransomware-ooit.html

Press release Europol: https://www.europol.europa.eu/media-press/newsroom/news/largest-ever-operation-against-botnets-hits-dropper-malware-ecosystem