The U.S. Department of Justice (DOJ) announced the dismantling of a global malware network responsible for stealing $5.9 billion in Covid relief funds and committing other crimes such as child exploitation and bomb threats. The network, described as the “world’s largest botnet,” was disrupted during Operation Endgame, conducted from May 27-29, 2024. The operation targeted key malware droppers like IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot, resulting in the arrest of high-value targets, the takedown of criminal infrastructures, and the freezing of illicit proceeds.
Central to this cybercrime ring was YunHe Wang, a 35-year-old Chinese national arrested by the FBI. Wang, alleged to be the head of the 911 S5 cybercrime network, was charged with creating a botnet that remotely controlled a network of hacked devices to launch cyberattacks. This botnet, active from 2014 to 2022, facilitated ransomware attacks and was involved in defrauding the U.S. government by filing approximately 560,000 false unemployment claims during the Covid pandemic, resulting in $5.9 billion in fraudulent payouts.
Wang’s botnet, which operated from around 150 servers globally, including some in the U.S., hacked into over 19 million IP addresses in nearly 200 countries. This vast network was used to spread ransomware, harass individuals, and exchange child exploitation materials. Wang allegedly amassed a fortune of $99 million by selling access to these compromised IP addresses and licensing his malware to other criminals. The FBI seized luxury cars, watches, and over 20 properties linked to Wang, underscoring the scale of his illicit operations.
Operation Endgame was a coordinated international effort involving law enforcement agencies from multiple countries, including the U.S., Germany, France, and the Netherlands. It led to the arrest of four high-value suspects, the seizure of over 100 servers, and the control of more than 2,000 internet domains. The operation also involved contributions from private partners like Bitdefender and Proofpoint, who provided analytical, crypto-tracing, and forensic support.
The dismantling of the 911 S5 network highlights the evolving nature of cybercrime, where advanced technology is leveraged to commit large-scale fraud. Despite the sophistication of these operations, the human element remains a critical vulnerability. Law enforcement agencies, using a combination of advanced tools and international cooperation, have demonstrated their ability to disrupt even the most complex cybercrime networks. Wang faces up to 65 years in prison if convicted on charges of computer fraud, wire fraud, and money laundering.