Large-scale sting tied to Operation Endgame disrupts ransomware infrastructure | CyberScoop<\/title> <meta name=\"description\" content=\"Law enforcement agencies in Europe and North America have dismantled major infrastructure used in ransomware attacks as part of Operation Endgame, disrupting initial access malware and issuing international arrest warrants against key suspects.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/operation-endgame-ransomware-infrastructure-takedown-europol\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Large-scale sting tied to Operation Endgame disrupts ransomware infrastructure\"> <meta property=\"og:description\" content=\"Law enforcement agencies in Europe and North America have dismantled major infrastructure used in ransomware attacks as part of Operation Endgame, disrupting initial access malware and issuing international arrest warrants against key suspects.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/operation-endgame-ransomware-infrastructure-takedown-europol\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-05-23T14:08:46+00:00\"> <meta property=\"article:modified_time\" content=\"2025-05-23T14:08:49+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/large-scale-sting-tied-to-operation-endgame-disrupts-ransomware-infrastructure-1.png\"> <meta property=\"og:image:width\" content=\"587\"> <meta property=\"og:image:height\" content=\"390\"> <meta property=\"og:image:type\" content=\"image\/png\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1747327192g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1747926732g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84663\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84663\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Foperation-endgame-ransomware-infrastructure-takedown-europol%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Foperation-endgame-ransomware-infrastructure-takedown-europol%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84663 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/operation-endgame-ransomware-infrastructure-takedown-europol\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.638095238095\">\n<div class=\"single-article__header-content\" readability=\"32.878787878788\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/operation-endgame-ransomware-infrastructure-takedown-europol\/\"> <span>Uncategorized<\/span> <\/a> <\/li>\n<\/ul>\n<p> A coordinated effort took down seven kinds of malware and targeted initial access brokers. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84663\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"587\" height=\"390\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/large-scale-sting-tied-to-operation-endgame-disrupts-ransomware-infrastructure.png?resize=587%2C390&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/large-scale-sting-tied-to-operation-endgame-disrupts-ransomware-infrastructure-1.png 587w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/large-scale-sting-tied-to-operation-endgame-disrupts-ransomware-infrastructure-1.png?resize=300,199 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/large-scale-sting-tied-to-operation-endgame-disrupts-ransomware-infrastructure-1.png?resize=253,168 253w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/large-scale-sting-tied-to-operation-endgame-disrupts-ransomware-infrastructure-1.png?resize=507,337 507w\" sizes=\"(max-width: 587px) 100vw, 587px\"><figcaption> A map shows where infrastructure was targeted. (Europol) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"41.096519349668\"><body readability=\"85.193680196132\"><\/p>\n<p>Law enforcement agencies from Europe and North America have dismantled key infrastructure behind several leading malware strains used in ransomware attacks, the latest action in a yearslong effort to combat cybercriminals. <\/p>\n<p>The operation, conducted as part of <a href=\"https:\/\/www.operation-endgame.com\/\">Operation Endgame<\/a>, targeted the early stages of the cybercrime chain, focusing on initial access malware. The coordinated effort resulted in the takedown of approximately 300 servers and the neutralization of 650 domains worldwide.<\/p>\n<p>The crackdown is part of a sustained campaign against groups and individuals who provide access to compromised networks, enabling ransomware attacks against an array of professional organizations. Authorities issued international arrest warrants for 20 suspects.<\/p>\n<p>Among the malware tools disrupted were Bumblebee, Lactrodectus, Qakbot, Hijackloader, DanaBot, Trickbot, and Warmcookie. These malicious software programs are typically offered as a \u201ccybercrime-as-a-service\u201d model, allowing other criminal actors to purchase access into victim networks. Their removal is expected to make it harder for organized groups to launch further ransomware attacks.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Details of the takedowns have trickled out over the course of the week. U.S. officials unsealed a <a href=\"https:\/\/www.justice.gov\/usao-cdca\/media\/1401356\/dl?inline\">grand jury indictment<\/a> and <a href=\"https:\/\/www.justice.gov\/usao-cdca\/media\/1401361\/dl?inline\">criminal complaint<\/a> Thursday charging 16 individuals for their alleged involvement in the development and <a href=\"https:\/\/cyberscoop.com\/danabot-malware-botnet-seizure-takedown\/\">deployment of DanaBot<\/a>. The DOJ on Thursday also unsealed a <a href=\"https:\/\/www.justice.gov\/d9\/2025-05\/qakbot_indictment.pdf\">federal indictment<\/a> charging Rustam Rafailevich Gallyamov, 48, of Moscow, Russia, with allegedly leading the cybercrime group responsible for the development and deployment of the Qakbot malware operation, which was <a href=\"https:\/\/cyberscoop.com\/fbi-doj-major-botnet-and-malware-takedown-qakbot\/\">disrupted by international law enforcement in 2023<\/a>. <\/p>\n<p>The operation marks a continuation of international law enforcement actions following large-scale botnet takedowns in 2024. Officials report that EUR 3.5 million in cryptocurrency was seized as part of this week\u2019s operation, bringing the total seized during Operation Endgame to more than EUR 21.2 million.<\/p>\n<p>Agencies from Canada, Denmark, France, Germany, the Netherlands, the United Kingdom, and the United States participated, with Europol providing operational and analytical support as well as real-time information exchange. <\/p>\n<p>This week\u2019s actions were focused on initial access brokers, aiming to disrupt the broader ecosystem that supports ransomware deployment. Even with these takedowns and incidents, officials stressed that ransomware gangs routinely adapt malware or re-form under new names following arrests or infrastructure takedowns. <\/p>\n<p>\u201cThis new phase demonstrates law enforcement\u2019s ability to adapt and strike again, even as cybercriminals retool and reorganise,\u201d Catherine De Bolle, Europol\u2019s executive director, said <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/operation-endgame-strikes-again-ransomware-kill-chain-broken-its-source\">in a release<\/a>. \u201cBy disrupting the services criminals rely on to deploy ransomware, we are breaking the kill chain at its source.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The scope of Operation Endgame reflects the increasing complexity of cybercrime, which spans multiple jurisdictions and requires ongoing adaptation from authorities. Law enforcement and judicial entities have signaled that the crackdown is part of a sustained campaign, with follow-up actions planned and updates to be posted on a dedicated website.<\/p>\n<p>Looking ahead, Europol has announced that its upcoming 2025 Internet Organised Crime Threat Assessment, which will be released June 11, will emphasize the threat posed by initial access brokers. The concentration indicates a continued shift in focus toward preempting cyberattacks at the earliest possible stage, rather than concentrating resources solely on responding to successful ransomware deployments.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.3539568345324\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/large-scale-sting-tied-to-operation-endgame-disrupts-ransomware-infrastructure.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/operation-endgame-ransomware-infrastructure-takedown-europol\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Large-scale sting tied to Operation Endgame disrupts ransomware infrastructure |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4329,282,4327,4330,2145,669,117,4331,4332,4333,4334,892,46,913,1,4335],"tags":[4336,286,4328,4337,2147,671,119,4338,4339,4340,4341,893,54,915,325,4342],"class_list":["post-7672","post","type-post","status-publish","format-standard","hentry","category-bumblebee","category-cybercrime","category-danabot","category-deparment-of-justice","category-europol","category-federal-bureau-of-investigation-fbi","category-government","category-hijackloader","category-initial-access-brokers","category-lactrodectus","category-operation-endgame","category-qakbot","category-ransomware","category-trickbot","category-uncategorized","category-warmcookie","tag-bumblebee","tag-cybercrime","tag-danabot","tag-deparment-of-justice","tag-europol","tag-federal-bureau-of-investigation-fbi","tag-government","tag-hijackloader","tag-initial-access-brokers","tag-lactrodectus","tag-operation-endgame","tag-qakbot","tag-ransomware","tag-trickbot","tag-uncategorized","tag-warmcookie"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/bumblebee\/\" rel=\"category tag\">Bumblebee<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/danabot\/\" rel=\"category tag\">DanaBot<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/deparment-of-justice\/\" rel=\"category tag\">Deparment of Justice<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/europol\/\" rel=\"category tag\">Europol<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/federal-bureau-of-investigation-fbi\/\" rel=\"category tag\">Federal Bureau of Investigation (FBI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hijackloader\/\" rel=\"category tag\">Hijackloader<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/initial-access-brokers\/\" rel=\"category tag\">initial access brokers<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/lactrodectus\/\" rel=\"category tag\">Lactrodectus<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/operation-endgame\/\" rel=\"category tag\">operation endgame<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/qakbot\/\" rel=\"category tag\">QakBot<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/trickbot\/\" rel=\"category tag\">TrickBot<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/warmcookie\/\" rel=\"category tag\">Warmcookie<\/a>","tag_info":"Warmcookie","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7672","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7672"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7672\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7672"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7672"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7672"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7672,"date":"2025-05-23T09:08:46","date_gmt":"2025-05-23T14:08:46","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84663"},"modified":"2025-05-23T09:08:46","modified_gmt":"2025-05-23T14:08:46","slug":"large-scale-sting-tied-to-operation-endgame-disrupts-ransomware-infrastructure","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/05\/23\/large-scale-sting-tied-to-operation-endgame-disrupts-ransomware-infrastructure\/","title":{"rendered":"Large-scale sting tied to Operation Endgame disrupts ransomware infrastructure"},"content":{"rendered":"