The Netherlands police posted warnings on popular Russian and English hacker forums (RaidForums and XSS), stating that “the deployment of criminal infrastructure in the Netherlands is hopeless.”The messages were published after the successful operation of Operation Ladybird, during which law enforcement agencies from several countries jointly eliminated one of the largest current botnets, Emotet.
The Netherlands Police, along with Ukrainian law enforcement officers, played key roles in the elimination of the botnet. The Netherlands authorities have shut down two of the three main C&C servers located in the country.
So, the authorities of the Netherlands seized two of the three Emotet control servers that were located in the country.
In their messages, law enforcement officers convince participants in hack forums that it is useless to abuse Netherlands hosting providers to host botnets and other criminal activities.
The police have promised that they will continue to seize the infrastructure of the criminals.
A message was posted on Raid in English, and on XSS, formerly known as DamageLab, in Russian. XSS is a Russian-language forum where cybercriminals can rent malware under a malware-as-a-service scheme. The site is currently very popular with ransomware operators.
Additionally, law enforcement officers attached an informational video to their messages:
It is interesting that the administration of RaidForums did not touch the post of law enforcement officers, although the forum members responded with insults and doubted its authenticity.
At the same time, the Russian-language XSS deleted the message, blocked the Dutch police account and posted a warning in the profile to prevent other forum members from trusting the user.
It should be noted that the Netherlands are really actively fighting cybercrime. For example, the country’s law enforcements are known for eliminating 15 DDoS services in a week; secured the closure of the hosting company KV Solutions BV, whose servers and backend infrastructure were used to host many IoT botnets; the encrypted mobile network Ennetcom has stopped working; and also cracked encrypted messages on a server confiscated from Ennetcom.
Let me also remind you that recently the Ukrainian cyber police arrested the author of uPanel phishing kit.