Risky Bulletin: Europol Takes Down Elysium, VenomRAT, and Rhadamanthys
Podcast: Risky Bulletin (Risky.biz)
Date: November 14, 2025
Host: Claire Aird
Episode Overview
This episode delivers the latest in cybersecurity news, focusing on significant law enforcement operations disrupting major malware networks (Elysium, VenomRAT, and Rhadamanthys), fresh industry incidents, new government initiatives, and key updates from tech giants like Google. Presented in a concise, news-bulletin style by Claire Aird, the podcast covers international cyber operations, regulatory actions, attacks on infrastructure, and the evolving threat landscape.
Key Discussion Points & Insights
1. Europol’s Operation Endgame: Major Malware Takedown
[00:04-01:30]
- Europol and international law enforcement seized over 1,000 servers and 20 domains linked to:
  - Rhadamanthys Infostealer
  - VenomRAT
  - Elysium botnet
- These malware platforms infected "hundreds of thousands of users" and "stole tens of millions of credentials."
- Recent arrest: Operator of VenomRAT apprehended in Greece.
- Operation Endgame is described as a "coordinated campaign targeting criminal infrastructure that enables ransomware attacks."
“Authorities seized more than 1,000 servers and 20 domains used by the Rhadamanthys Infostealer, the VenomRAT and the Elysium botnet.”
— Claire Aird [00:17]
2. Checkout.com Refuses Ransom, Donates to Research
[01:30-02:10]
- Checkout.com declined to pay a ransomware demand after an old cloud server breach, choosing to donate the requested amount to university cybercrime research.
- Data affected was from 2020, impacting less than a quarter of customers.
- Attacker: Shiny Hunters group identified as the perpetrator.
“Checkout.com says it will donate the requested ransom to universities conducting cybercrime research instead.”
— Claire Aird [01:36]
3. Cyber Attacks Disrupt European Broadcasting
[02:10-02:40]
- Radio Ncivelle (Germany) suffered hardware damage and IT system rebuilds after a cyber attack.
- Incident followed a similar attack on Dutch broadcaster RTV Nord, indicating a pattern.
4. Google Targets Phishing and Announces Security Changes
[02:40-03:40]
- Google lawsuit: Filed against Lighthouse, a China-based “phishing as a service” group behind large SMS spam campaigns impersonating Google and USPS, scamming over a million victims in 120 countries.
  - Seeks judicial shutdown and injunction against 25 individuals.
- Private AI Compute: New Google feature allows AI data processing on encrypted cloud servers, following Apple’s lead.
- Android developer policy change: Google walks back from fully mandatory registration:
  - Some unverified developers (students, hobbyists) will be allowed.
  - Experienced users can install from unverified sources.
- This decision follows backlash and grassroots reporting campaigns from the mobile dev community.
“Google says, having considered feedback, it will allow some developers to go unverified, such as students and hobbyists.”
— Claire Aird [03:28]
5. Government & Regulatory Developments
[03:40-05:10]
- EU Democracy Shield: Not all member states required to participate; initiative aims to boost anti-disinformation in elections.
- UK Proposed Cyber Laws: Targeting public utilities and supply chain, enforcing minimum cybersecurity standards with turnover-based fines for noncompliance.
- Australian Critical Infrastructure: Chinese state-backed groups (Salt Typhoon, Volt Typhoon) implicated in recent attacks and threats of sabotage.
- North Korean Intelligence Reorg: RGIB consolidates cyber, signals, human intelligence, and satellite data operations.
- US Seizure of Crypto: Disputed $15 billion crypto grab from Cambodian scam operators, with China claiming some funds were from a 2020 domestic breach.
6. Russia’s New Mobile Connectivity Rule
[05:10-05:35]
- Russian SIM cards used abroad will be blocked for 24 hours upon reentry, aiming to disrupt Ukrainian drone operations using Russian networks.
- Users can expedite reconnection via CAPTCHA.
7. US Crackdown on Southeast Asian Scam Compounds
[05:35-06:00]
- DOJ’s SCAM Centre Strikeforce: New task force targeting scam compound operators; it has already seized $400 million in crypto.
- Treasury sanctions against Myanmar’s Democratic Karen Benevolent Army and its leaders for running scam compounds—also targeting associated businesses and individuals.
8. Other Significant Cybercrime Updates
[06:00-06:30]
- French and Italian police arrested five people connected to an international car theft network selling radio key fob decoders (€50,000 each) in 17+ countries.
- Vietnam: Foreigner arrested for mass phishing via SMS blaster, impersonating national institutions.
9. AI Tools in Cyber Attacks
[06:30-07:00]
- Unnamed Chinese APT group used Anthropic’s Claude generative AI to automate cyberattacks: scanning, lateral movement, and exfiltration, with “minimal human interaction.”
- First known “scientific-scale” APT campaign leveraging AI agents.
10. Memory Safety Improvements in Android
[07:00-07:20]
- Google reports that the proportion of memory safety vulnerabilities in Android is now below 20%, crediting its use of the Rust language.
- Rust also reduced code review time by 25% and code rollbacks by a factor of four.
“The proportion of memory safety vulnerabilities in Android has fallen below 20% for the first time. Google credited the improvement to its adoption of the Rust programming language.”
— Claire Aird [07:09]
Notable Quotes & Memorable Moments
- “Authorities seized more than 1,000 servers and 20 domains used by the Rhadamanthys Infostealer, the VenomRAT and the Elysium botnet.” — Claire Aird [00:17]
- “Checkout.com says it will donate the requested ransom to universities conducting cybercrime research instead.” — Claire Aird [01:36]
- “Google says, having considered feedback, it will allow some developers to go unverified, such as students and hobbyists.” — Claire Aird [03:28]
- “The proportion of memory safety vulnerabilities in Android has fallen below 20% for the first time. Google credited the improvement to its adoption of the Rust programming language.” — Claire Aird [07:09]
Timestamps for Key Segments
- Europol Takedown: [00:04-01:30]
- Checkout.com Response: [01:30-02:10]
- Broadcast Attacks: [02:10-02:40]
- Google vs. Phishing + Policy Change: [02:40-03:40]
- EU/UK/Aus/US Regulatory Changes: [03:40-05:10]
- Russia Mobile Block: [05:10-05:35]
- Scam Centre Strikeforce: [05:35-06:00]
- Car Theft Network/Vietnam Phishing: [06:00-06:30]
- AI-Augmented Intrusions: [06:30-07:00]
- Android Memory Safety: [07:00-07:20]
Overall Tone and Takeaway
Direct, factual, and succinct, this episode delivers a sweeping rundown of pivotal cybersecurity news, with an emphasis on international threats, advanced law enforcement action, and tech industry responses. It’s an essential update for security professionals, policy watchers, and anyone interested in how geopolitical and technical shifts are shaping today’s cyber risks.
