Law enforcement seizes domains selling hacking tools in global operation

In a significant international operation, law enforcement agencies have seized four domains and an associated server linked to a software crypting syndicate that provided services to cybercriminals. The announcement was made by U.S. Attorney Nicholas J. Ganjei.

The syndicate specialized in crypting, a process that makes malware difficult for antivirus programs to detect. These services included counter-antivirus (CAV) tools, which together with crypting, allowed criminals to hide malware and gain unauthorized access to computer systems.

Authorities conducted undercover purchases from the seized websites and analyzed the services offered, confirming their design for cybercrime activities. Court documents also revealed connections between these services and known ransomware groups targeting victims globally, including in Houston.

"Modern criminal threats require modern law enforcement solutions," stated Ganjei. He emphasized the importance of targeting not only individual cybercriminals but also those who enable such activities. "With this syndicate shut down, there is one less provider of malicious tools for cybercriminals out there."

FBI Houston Special Agent in Charge Douglas Williams highlighted the sophistication of cybercriminals: "Cybercriminals don’t just create malware; they perfect it for maximum destruction." He added that the operation helped neutralize a global threat posed by the syndicate's tools.

The seizures took place on May 27 as part of Operation Endgame, involving cooperation between Finnish and Dutch national police along with other countries including France, Germany, Denmark, Ukraine, and Portugal.

The FBI Houston Field Office is leading the investigation with support from partners in The Netherlands and Finland as well as the U.S. Secret Service. Assistant U.S. Attorneys Shirin Hakimzadeh and Rodolfo Ramirez are prosecuting the case while AUSA Kristine Rollinson handles seizure aspects.