Europol's Hunt Begins for Emotet Malware Mastermind

After a spectacular botnet takedown just a few days ago, Operation Endgame, an international cybersecurity law enforcement cooperative, has now trained its focus on the individual threat actors behind the botnets.

Late last month, Operation Endgame dismantled dropper botnet infrastructure that supported initial-access Trojan malware strains, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot, in a sweeping action. Now, Operation Endgame is going after the individual hackers behind the botnets.

Eight Russian nationals have been added to the list of Europe's most wanted fugitives for their roles behind developing the botnets, including Smokeloader and, most notably, TrickBot. The alleged cybercriminals are named and their photos have been shared among global law enforcement agencies.

Not yet identified, and of keen interest to cyber law enforcement, is the identity of the developer behind the once formidable Emotet malware as a service, who has been code-named "Odd."

The Odd threat actor has gone by various online handles, according to Operation Endgame and, after Emotet's 2021 takedown and one subsequent failed attempt to reemerge, has been able to evade law enforcement.

"Who is Odd?" Operation Endgame's video calling for information about the hacker appeals to viewers: "Please get in touch with us and let us know."

Operation Endgame, led by Europol, is focused on letting adversaries know they are being tracked and that they should consider switching sides.

"We have been investigating you and your criminal undertakings for a long time and we will not stop here," Operation Endgame's site warns cybercriminals. "Feel free to get in touch, you might need us. Surely, we could both benefit from an openhearted dialogue."

Operation Endgame's refrain, "Think about (y)our next move," reinforces the crackdown pledge.