OPERATION ENDGAME 2.0
Last year, Operation Endgame marked the biggest anti-botnet operation to date. The Dutch Police, in cooperation with police units from Germany, France, Denmark, the United States and United Kingdom and support from Europol and Eurojust had infiltrated a number of botnets. Now, they are back. Operation Endgame 2.0 marks new takedowns and new information obtained by the organizations behind this operation.
This data has been shared with us and various other parties like: Check Je Hack, Have I Been Pwned, No More Leaks, the (Dutch) NCSC, CSIRT-DSP and Digital Trust Center.
The data we have received consists of usernames, (redacted) passwords, and dates of these passwords last being used. It is expected that this data originates from the password managers of popular browsers.
Recommendation
If you received a notification from us, you, members of your organization or your customers had their password stolen or system infected by the Latrodectus infostealer. Detailed recommendations can be found in our CSIRT Casefile: https://csirt.divd.nl/cases/DIVD-2025-00018/
What you can do
As these notifications mostly span user accounts, you should start with ensuring your system is clean from any malware. After, you should change the passwords of any accounts that are currently using the passwords indicated in the notification. If you received a notification from us, you, members of your organization or your customers had their password stolen or system infected by the Latrodectus infostealer. Detailed recommendations can be found in our CSIRT Casefile:
What we are doing
We have received the discovered data from the police, and are sending out notifications to individuals and organizations that have fallen victim to compromise. To effectively do this, we are in close cooperation with the Dutch National Police as well as the NCSC, CSIRT-DSP and DTC.