European and US operations take down global malware networks

30 May 2024

Image: © Robertvt/

One person arrested in the US allegedly earned millions of dollars by offering cybercriminals access to infected IP addresses for a fee.

Europol and the US Department of Justice have separately announced major international operations leading to the arrest of cybercriminals and shutting down of botnets that defrauded people around the globe.

In a statement today (30 May), Europol, the EU agency for law enforcement co-operation, said that it undertook its largest ever operation against botnets this week. Botnets are networks of computers infected with malicious software such as ransomware that are controlled by criminal groups without the owners’ knowledge.

The European investigation – named Operation Endgame – led to four arrests (one in Armenia and three in Ukraine), but Europol said eight fugitives are on the run and will be added to Europe’s Most Wanted list.

The operation was led by France, Germany and the Netherlands and backed by Denmark, the UK and the US. Other EU countries supported the operations with arrests, searches and seizures.

Europol discovered that one of the main suspects had earned at least €69m in cryptocurrency by renting out criminal infrastructure sites to deploy ransomware. It said that the suspect’s transactions are constantly being monitored and legal permission to seize these assets upon future actions has already been obtained.

Meanwhile, the US arrested a Chinese national called YunHe Wang on 24 May on criminal charges arising from his alleged deployment of malware and the “creation and operation” of a residential proxy service known as 911 S5 which enabled him and others to disseminate malware to compromise and amass a network of millions of residential Windows computers worldwide.

According to the US Department of Justice, these devices were associated with more than 19m unique IP addresses, including more than 600,000 located in the United States. It alleges Wang generated millions of dollars by offering cybercriminals access to these infected IP addresses for a fee. Cybercriminals then used these proxied IP addresses to conceal their true originating IP addresses and locations, and anonymously commit a wide array of offenses.

“As a result of this operation, YunHe Wang was arrested on charges that he created and operated the botnet and deployed malware,” said attorney general Merrick B Garland “This case makes clear that the long arm of the law stretches across borders and into the deepest shadows of the dark web.”

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Vish Gain is a journalist with Silicon Republic