Law enforcement authorities from around the world have taken part in a targeted operation to disrupt infrastructure enabling the spread of SocGholish, a malware strain that targets WordPress sites in order to infect their visitors.
Agencies and judicial authorities from the Netherlands, Germany, Denmark, the United States, Australia, France, Belgium, the United Kingdom and Canada, assisted by Europol and Eurojust, took part in the latest cyber enforcement operation as part of Operation Endgame, targeting a malicious tool known to be used by the Russian cyber crime group Evil Corp.
As part of the operation, 106 domains and servers were taken down and 14,971 WordPress sites were remediated during a recent weeklong action. In addition to the clean-up of infected WordPress sites, victims were notified and site owners were urged to update their login credentials.
“With these actions we deprive cyber criminals of access to infected computer systems. This prevents further damage to the digital systems of citizens, businesses and organisations worldwide and limits the spread of malware,” Maikel Rollman of the National High Tech Crime Unit said in an 18 June statement.
“It also reduces the risk that these systems are used for cyber attacks on critical infrastructure and other essential societal processes. This marks the beginning of further action against SocGholish.”
SocGholish has been in circulation since 2017 and is often used to deploy further malware and even ransomware, all done via infected WordPress sites. For its part, Evil Corp is responsible for several major ransomware incidents and for running its own money laundering operations.
HaveIBeenPwned, DIVD, Spamhaus, CheckjeHack, NoMoreLeaks, The Shadowserver Foundation and NCSC (Netherlands) also assisted with victim notification, and the operation was supported by several private parties.
“The investigative services and the cyber security sector need each other greatly to make the digital world as safe as possible and to keep it that way,” Rollman said.
“That is why we work intensively together with public and private parties. Operation Endgame is a good example and we will continue to work this way in the future.”
Operation Endgame launched in 2024 and is one of the largest anti-cyber crime operations ever undertaken.
David Hollingworth