Over the last three days, three major malware strains have been taken down in a large-scale law enforcement operation called Operation Endgame 3.0.
The ongoing initiative was coordinated by Europol and spanned 11 countries including law enforcement agencies from six EU countries, Australia, Canada, the UK and the US, and over 30 private partners from the cybersecurity industry.
Impacted infrastructure is linked to notorious infostealer Rhadamanthys, a remote access trojan called VenomRAT, and the Elysium botnet.
The mission also resulted in:
- Over 1025 servers taken down or disrupted
- 20 domains seized
- 11 locations searched
- The arrest of the suspected main operator of VenomRAT in Greece
Rhadamanthys infostealer “had grown to become one of the leading infostealers since Operation Endgame ‘Season 2’ disrupted the infostealer landscape,” according to a UK government-funded non-profit Shadowserver Foundation statement published on November 13.
This latest operation is the third series of takedowns of cybercrime-enabling infrastructure after Operation Endgame 1.0 (May 2024) and Operation Endgame 2.0 (April 2025).
Phil Wylie, Senior Consultant & Evangelist, Suzu had this to say:
“This operation shows what’s possible when intelligence and collaboration align, but dismantling one infrastructure doesn’t end the threat. Threat actors adapt fast, and defenders must be faster.
“To help reduce such risks, practicing good security hygiene is imperative, as well as proactive security measures including security assessments including penetration tests, and security controls validation.”
Michael Bell, Founder & CEO, Suzu:
“It’s true that it’s cat and mouse, but impact isn’t measured by permanence. Impact is measured by disruption cost and defender advantage gained.
“Operation Endgame 3.0 is forcing adversaries to rebuild 1,025 servers and reconstitute infrastructure across three major malware families (Rhadamanthys, VenomRAT, Elysium) means they’re investing resources in recovery instead of new attacks, and every credential rotation or system hardening that happens during this window reduces future attack surface.
“The arrest of VenomRAT’s main operator and seizure of databases containing millions of stolen credentials also creates operational security paranoia within cybercrime networks because when your infrastructure gets seized, you don’t know what intelligence law enforcement now has about your customers, affiliates, and future plans.
“So yes, they’ll rebuild, but these operations buy defenders time, degrade adversary confidence, and validate the public-private collaboration model that’s the only way to sustainably disrupt the cybercrime ecosystem.”
John Carberry, CMO, Xcape, Inc.:
“Reports indicate that criminals are now locked out of Rhadamanthys control panels, causing significant operational challenges for those involved. Security teams should now scan endpoints for remaining threats, change tokens and credentials across their systems, and integrate new indicators of compromise (IOCs) from the takedown to identify any lingering infections. Expect subsequent phishing campaigns and criminals’ attempts to rebuild infrastructure as they adapt and try new methods.
“The only way to win the cyberwar is to persistently decapitate the criminal infrastructure that runs the world’s malware economy.”
I welcome this news as the only way to beat cybercriminals is to make the cost of operation so high and so difficult that they abandon ransomware as a means to make money. This is a step towards that goal. But only a step as more needs to be done.
Hammerspace Announces Latest Version of its Data Platform Software
Posted in Commentary with tags Hammerspace on November 17, 2025 by itnerdHammerspace, the high-performance data platform for AI Anywhere, today announced the upcoming release of Hammerspace v5.2, delivering performance, security and ecosystem enhancements that help organizations unify, automate and accelerate their AI and high-performance workloads across any on-premises, hybrid or cloud-based infrastructure.
With v5.2, Hammerspace raises the bar on standards-based parallel file system performance, particularly for AI and HPC workloads, continuing the trajectory demonstrated in public benchmarks earlier this year. The new release achieved a 33.7% higher IO500 overall score than results on the previous version published five months ago, with total bandwidth doubling and individual sub-tests showing dramatic improvements — including an over 800% gain in IOR-Hard-Read.
A key component of these performance improvements is Hammerspace’s continued contribution of significant client-side NFS performance enhancements to the standard Linux kernel, improvements specifically designed to accelerate AI and HPC workloads. By tightly integrating Hammerspace software with these upstream kernel advancements, the Data Platform delivers dramatic performance gains without requiring customers to install proprietary software on application servers or trap their data into vendor-locked silos.
This standards-based approach means Hammerspace is compatible with any storage platform, enabling customers to adapt and deliver the performance and low latency needed for new workloads such as training, inference or RAG with existing infrastructure and data sets. This approach eliminates the cost and complexity of migrating data to net-new storage silos to launch AI projects.
To support extreme scale, v5.2 adds Share Referrals, a transparent mechanism that distributes the namespace across as many metadata servers as are needed to accommodate extreme file counts. This enhancement ensures linear scalability, so performance and responsiveness remain steady even as data estates for AI and HPC environments explode.
The release also strengthens security options with the addition of Kerberos authentication and Labeled NFS support. By enabling SELinux and other Mandatory Access Control (MAC) systems to transport and enforce security labels across NFS, organizations gain consistent, fine-grained control over data access, which is essential for sensitive research, government and regulated industries.
Hammerspace v5.2 will further expand the platform’s reach by adding support for running Hammerspace in Oracle Cloud Infrastructure (OCI). New shapes, including bare metal, will be supported, and support for OCI dedicated Regions will follow, providing a critical option for customers that must maintain strict data sovereignty across distributed environments.
This tight OCI integration extends Hammerspace’s multi-site, multi-cloud and multi-protocol capabilities, including its unique S3-connector technology, so customers can seamlessly bridge on-premises environments to cloud-based GPU-accelerated compute clusters in OCI, AWS and Azure. In this way, NFS-based applications gain native, transparent access to cloud compute resources without workflow changes or moving data into new silos.
This seamless hybrid cloud flexibility is what enables organizations such as Meta to burst extreme-performance AI workloads between on-premises data centers and GPU clusters in OCI, with data movement orchestrated among storage types and locations transparently in the background. At the same time, Hammerspace’s global namespace maintains consistent access for users and applications.
Availability
Hammerspace v5.2 will be generally available in December. To learn more or request early access, visit www.hammerspace.com.
In addition to the baseline performance gains, v5.2 introduces Tier 0 affinitization, adding locality-aware intelligence to Tier 0 deployments. By automatically aligning data placement with the optimal servers within a GPU cluster, Tier 0 affinitization reduces east-west network traffic to accelerate throughput and simplifies Tier 0 deployments by eliminating the need for manual configuration. The feature is automatic, transparent and enabled by default.
Leave a comment »