Overview
- Coordinated actions between November 10 and 13 disrupted 1,025 servers and seized 20 domains, with searches at 11 locations in Germany, Greece and the Netherlands.
- A 38-year-old suspected VenomRAT operator was arrested in Athens on November 3 under a European arrest warrant issued by France.
- Europol reports hundreds of thousands of infected computers and several million stolen credentials, with the Rhadamanthys suspect holding access to over 100,000 cryptocurrency wallets worth potential millions of euros.
- The Shadowserver Foundation shared historical Rhadamanthys infection data with 201 national CSIRTs in 175 countries and more than 10,000 network owners to support remediation.
- Have I Been Pwned received 2 million affected email addresses and 7.4 million passwords to enable exposure checks, with users urged to change passwords, enable two-factor authentication, and use politie.nl/checkyourhack.