In November 2025, a major public-private sector collaboration took down three significant malware networks. Operation Endgame involved law enforcement agencies from six EU countries, Australia, Canada, the U.K., and the U.S., along with Europol and 30 private sector partners, including CrowdStrike. The dismantled infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials.

Operation Endgame was a critical disruption of adversary operations — but it wasn’t the first. Law enforcement has for years sought to take down adversary infrastructure and often partners with private sector organizations like CrowdStrike to inform their operations. By disrupting the tools and processes threat actors rely on, these takedowns raise the cost for adversaries and make it harder for them to operate.

As Adam and Cristian discuss in this episode, takedowns require careful planning and constant innovation. Adversaries are always finding new techniques and tools, and law enforcement must do the same. While disruption may slow them down, threat actors are often quick to pivot and find new ways to achieve their goals.

In this episode, we examine how law enforcement takedowns disrupt adversary operations, how adversaries respond, where the private sector provides support, and what this all means for organizations facing modern threats.