This page is a sub page of the case file for case DIVD-2025-00041 - Victim Notification Operation Endgame S03E01, which contains the general information about this case.
Emails of your organisation were found in an Operation Endgame dataset
You’ve checked our datasets for Operation Endgame S03E01 and found email addresses belonging to your organisation. These are your next steps:
If your domains are in a file with email_apexes in the name, individuals with an email address assiciated with your domain are part of Operation Endgame episode S03E01.
If you have not already done so, send an email to divd-2025-00041@csirt.divd.nl to request additional data and analyse it.
What does this mean?
What we know for sure is that combinations of email addresses and passwords that are associated with a domain belonging to your organisation were used by criminals operating a botnet. They likely used these credentials or the associated email accounts to interact with their victims, or spread malware or phishing campaigns. These credentials where likely obtained by means of information stealing malware.
What should you do?
Given that these credentials have been found by law enforcement, in a recent police operation:
- Determine the severity of this situation based on the number of credentials we emailed you about.
- Investigate the accounts of these users for suspicious activities like large volumes of sent messages, or unusual log in times, or unusual mail rules.
- Consider scanning the devices of these users with malware detection tools.
- Dual factor authentication can stop an attacker that uses a compromised username and password combination from abusing the account implement two-step verification in as many places as possible.
- Consider reporting this event to the appropriate authorities, e.g. law enforcement, privacy and other regulators.
More questions?
The main case file contains a Frequently Asked Questions (FAQ) section. If that does not answer your questions, please reply to the email you received or email us at DIVD-2025-00041@csirt.divd.nl.
For more information, see the main case file.