International law enforcement agencies take down Avalanche
The malware network's infrastructure housed at least 17 different malware families.
Avalanche, a malware-hosting network, was recently targeted in a global takedown operation that dismantled the infrastructure used by at least 17 malware families.
The successful takedown operation saw the seizure of 39 servers, as well as the closing of several hundred thousand domains.
The operation came about as a result of a four-year investigation, conducted through the combined effort of numerous international law enforcement agencies and public prosecutors, as well as contributions from the global IT security market, which included Symantec.
The cybersecurity specialist provided technical assistance to the police during the initial stages of the investigation. Symantec helped law enforcement agencies to reverse engineer malware and identify malicious infrastructure.
This led to the identification of several malware families that shared the same command and control (C&C) infrastructure, which helped the Lüneburg police to expand their investigation further by classifying these malware families under the term Avalanche botnet.
Symantec previously published research on law enforcement ransomware, which noted similarities in C&C servers utilised in previous cyberattacks.
In the years that followed, the Lüneburg police, in close collaboration with the Verden Public Prosecutor's Office and with contributions from the BSI, FKIE and BFK law enforcement entities, continued to investigate the Avalanche network.