The U.S. Department of Justice has announced the seizure of four domains and an associated server operated by an international crypting service syndicate. The operation, led by FBI Houston, in collaboration with Dutch and Finnish national police, was part of Operation Endgame—a multinational initiative aimed at dismantling the infrastructure that enables malware to slip past security defenses worldwide.
The seized platforms were not malware themselves but rather offered crypting and counter-antivirus (CAV) services—tools used by cybercriminals to obfuscate malicious code, making it undetectable by antivirus software. When used in tandem, these services enable attackers to deploy malware capable of infiltrating systems without triggering alarms.
“Crypting is the process of using software to make malware difficult for antivirus programs to detect,” explained the DOJ. “The seized domains offered services to cybercriminals, including counter-antivirus (CAV) tools.”
Undercover agents made purchases from the websites, confirming the services were explicitly marketed to cybercriminals. Authorities also discovered connections to known ransomware groups—some of which had previously targeted victims in the U.S., including organizations in Houston, Texas.
The domain seizures took place on May 27, with banners now replacing the criminal infrastructure, displaying law enforcement agency seals and this message:
“This domain has been seized in accordance with a seizure warrant issued in the United States District Court for the Southern District of Texas as part of a coordinated law enforcement operation…”
These coordinated efforts were supported by law enforcement agencies in the Netherlands, France, Germany, and Denmark, with additional support from Ukraine and Portugal.
Operation Endgame is part of a larger trend in law enforcement strategy: attacking the entire cybercriminal supply chain. Instead of simply arresting individuals behind malware attacks, global authorities are now aiming to dismantle the platforms that facilitate cybercrime—from stolen credential marketplaces to crypter services like those recently taken offline.