Dutch police help dismantle global cybercrime network, 83 servers and 20 domains seized
Dutch police played a central role in dismantling a major international cybercrime network this week, taking down 83 servers in the Netherlands and seizing 20 criminal domains as part of Operation Endgame, police reported.
Europol and Eurojust coordinated the operation from The Hague. The operation focused on three major malware systems—Rhadamanthys, a data-stealing infostealer; VenomRAT, a Remote Access Trojan; and Elysium, a botnet—that together had infected hundreds of thousands of computers worldwide.
Authorities coordinated 11 searches in recent days, including nine in Dutch data centers, one in Germany, and one in Greece. The main suspect behind VenomRAT was arrested in Greece on November 3, 2025. The infostealer operator reportedly had access to more than 100,000 cryptocurrency wallets, potentially worth millions of euros.
“By taking down the criminal infrastructure, the entire business model of many cybercriminals has been disrupted,” said Stan Duijf, head of Operations at the National Law Enforcement and Intervention Unit. “These malware types have infected hundreds of thousands of victims worldwide. Operation Endgame, started in 2022, is the largest international effort ever to combat ransomware and cybercrime globally.”
The Netherlands worked closely with authorities from Germany, Denmark, France, Belgium, Greece, the United Kingdom, Australia, Canada, the United States, and Lithuania.
Dutch authorities also contacted users of criminal services linked to the malware, urging them to share information through a dedicated Telegram channel. Failed criminal services were publicly exposed via the Operation Endgame website.
Infostealers, botnets, and RATs are widely used by cybercriminals to steal passwords, bank details, and other personal information. RAT software allows remote control of infected computers, while botnets enable criminals to collect data from networks of compromised devices.
In the Netherlands, authorities secured 83 infected servers, while globally more than 600,000 infected computers were neutralized and stolen login data rendered inaccessible.
Dutch authorities advise the public to check their information at politie.nl/checkjehack and repeat the check in the coming weeks as new data is added.
“Law enforcement and the cybersecurity sector need each other to keep the digital world as safe as possible,” Duijf added. “This operation shows the power of intensive international collaboration with both public and private partners.”
