An international law enforcement operation has disrupted a malware network linked to the Russia-based cybercrime group Evil Corp, taking down more than 100 servers and disinfecting nearly 15,000 hacked websites used to spread malicious software.
Authorities from the Netherlands, Canada, the United States and Germany said Thursday they dismantled key parts of the SocGholish botnet by seizing domain names and shutting down servers used to infect visitors to legitimate websites, including those of small businesses such as restaurants and auto repair shops.
Dutch police said they also removed malware and backdoors from thousands of infected WordPress websites and notified their owners of the compromise.
SocGholish, also known as FakeUpdates, has been active since 2017 and spreads through fake browser or software update prompts displayed on otherwise legitimate sites. Once installed, the malware allows attackers to deploy additional malicious tools.
“The malware establishes an initial foothold into victim computers, collectively known as a botnet, and is then used by threat actors for further targeting with ransomware campaigns and espionage,” the FBI’s Cyber Division said in a statement.
First identified in 2017, SocGholish has long been associated with Evil Corp, one of Russia’s most notorious cybercrime groups. The threat actor was sanctioned by the United States in 2019 for its role in developing and distributing the Dridex banking malware, which U.S. authorities said caused more than $100 million in financial losses worldwide.
Researchers at cybersecurity firm Infoblox, which assisted with the operation, said SocGholish has also served as an entry point for multiple ransomware groups, including DoppelPaymer, WastedLocker, Hades, LockBit and RansomHub.
Maikel Rollman of the Dutch National High Tech Crime Unit said the operation deprived cybercriminals of access to infected computer systems, helping prevent further harm to individuals, businesses, and organizations worldwide while limiting the spread of malware.
“This marks the beginning of further action against SocGholish,” he added.