top of page

The takedown continues…

Over the last few weeks, arrests for prominent cyber criminals have been a common headline among news outlets, largely thanks to Operation Endgame. But what is Operation Endgame, and what does its success look like?

During the last few weeks, Ukrainian police arrested an individual suspected to be a member of Lockbit and Conti. The individual specialised in the development of cryptors which is used for the encryption of malware for defence evasion.

This follows a number of arrests made in the name of Operation Endgame, with many threat actors going to ground to avoid detection.

Operation Endgame has made waves globally for the successful takedowns of notorious botnets and bringing individuals participating in some of the most advanced cyber operations globally to justice.

To date, infrastructure and tooling have been tracked and taken down by law enforcement globally. In this most recent escalation, cyber teams from the Ukrainian police arrested an individual suspected of being a member of the Lockbit/Conti groups.

Lockbit has been a notorious ransomware group targeting organisations globally and have been operating over many years. Their activities have led to millions of pounds in ransomware payments being made to the operators, with high-profile attacks including Royal Mail and Boeing.

In total, analysis found that LockBit affiliates have made over £100 million in ransom payments, demonstrating the lucrative nature of malicious cyber operations.

This marks just one instance where arrests have been made in relation to threat actors. Just last month, YunHe Wang, and a Chinese national associated with the People’s Republic of China, was arrested on May 24t for being the administrator of the notorious residential proxy service known as 911 S5.

The service, which used over 19 million unique IP addresses and was classed as the world’s largest botnet, was finally dismantled.

Due to Operation Endgame, eight further individuals have been listed on Europol’s most wanted by Germany for their association with the notorious group Trikbot; all of these individuals are Russian nationals and currently residing in Russia.

As the operation continues, it is likely we are going to see further arrests and warrants issued for notable cyber criminals and threat actors.

Threat Intelligence teams have identified trends and activities made by existing threat groups off the back of Operation Endgame. The first example being the sudden departure of the ransomware group Shiny Hunters.

It is likely that, as time goes on, further groups and threat actors will start to lay low, in an attempt to avoid drawing attention from law enforcement. Threat Intelligence teams continue to monitor the situation and further developments off the back of Operation Endgame.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page