Operation ENDGAME Targets Initial Access Malware
16 June 2025 // Preprint Issue 2/2025
Cornelia Riehle LL.M.

At the end of May 2025, Operation ENDGAME, ongoing since 2024, led to the takedown of Initial Access Malware. This malware was being used for initial infection, helping cybercriminals to enter victims’ systems unnoticed and download more malware, such as ransomware, onto their devices. The following malware strains were neutralised during the operation: Bumblebee, Latrodectus, Qakbot, Hijackloader, DanaBot, Trickbot, and Warmcookie.

Investigators from Canada, Denmark, France, Germany, the Netherlands, the United Kingdom, and the United States conducted the operation, which was also supported by Eurojust and Europol. Some 300 servers were taken down worldwide, 650 domains were neutralised, and 20 international arrest warrants were issued. €3.5 million in cryptocurrency was also seized. In addition, several suspects were added to the EU Most Wanted list.


Author

Cornelia Riehle LL.M.

Institution:
Academy of European Law (ERA)

Department:
Criminal Law

Position:
Deputy Head of Section