
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 1,945 of 2,445   
   Mike Powell to All   
   Top infostealer disrupted   
   13 Nov 25 08:54:45   
   
   TZUTC: -0500   
   MSGID: 1702.consprcy@1:2320/105 2d7b1fcb   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Top infostealer disrupted after criminals lose server access   
      
   Date:   
   Wed, 12 Nov 2025 14:54:03 +0000   
      
   Description:   
   The Rhadamanthys infostealer has been disrupted, possibly by German law   
   enforcement.   
      
   FULL STORY   
      
   The Rhadamanthys infostealer, one of the most popular malware-as-a-service   
   (MaaS) offerings on the dark web, has apparently been disrupted, with many of   
   its customers locked out.    
      
   Researchers known as g0njxa and Gi7w0rm saw multiple cybercriminals reporting   
   troubles using the tool, since the police obtained access to their web    
   panels.    
      
   The MaaS developer blamed the German police for the disruption, saying   
   entities with German IP addresses were logging into the web panels hosted in   
   EU data centers right before access was revoked.   
      
   German police blamed    
      
   German police are yet to confirm or deny these claims, though. Speaking to
   BleepingComputer, g0njxa said Rhadamanthys' Tor site is also offline, but it
   currently doesn't have the usual police seizure banner, so there is still a
   chance that this is the work of a different actor.
      
   For one user, SSH access now requires a certificate instead of root password,   
   preventing entry: "If your password cannot log in. The server login method    
   has also been changed to certificate login mode, please check and confirm, if   
   so, immediately reinstall your server, erase traces, the German police are   
   acting," that person allegedly wrote.    
      
   "I confirm that guests have visited my server and the password has been
   deleted. rootServer login became strictly certificate-based, so I had to
   immediately delete everything and power down the server," another one wrote.
   Those who installed it manually were probably unscathed, but those who   
   installed it through the "smart panel" were hit hard.    
      
   At the same time, BleepingComputer uncovered that the website for Operation
   Endgame, an ongoing police action targeting different MaaS operations,
   currently has a countdown timer, set to expire in approximately 21 hours.
      
   Operation Endgame's last activity was in May 2025, when Europol and Eurojust
   dismantled a ransomware kill chain. In that operation, the police seized   
   roughly 300 servers, took down 650 domains, and issued international arrest   
   warrants against 20 individuals. The police also seized 3.5 million in    
   various cryptocurrencies.    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/top-infostealer-disrupted-after-criminals-lose-server-access
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca