Civilian experts key to international police probe against Russian cybercriminals

From Global News · English

Translated from English, summarized and contextualized by DistantNews.

At a glance

  • Civilian cybercrime investigators played a key role in an international operation targeting Russian cybercriminals.
  • The operation, dubbed "Operation Endgame," focused on SocGholish malware used to infect thousands of WordPress sites.
  • Authorities urge WordPress users to change credentials, enable multi-factor authentication, and keep sites updated to prevent infections.

An international police operation has disrupted a cybercriminal network linked to Russia, and civilian investigators proved instrumental in the effort. Operation Endgame targeted SocGholish, a malware loader that the criminals spread by injecting malicious code into thousands of compromised WordPress websites; visitors to those sites were then infected, giving the attackers unauthorized access to their computers.

One of our civilian experts came up with a way to decode pieces of the SocGholish code and that sort of gave us a 'springboard' to work forward and share with the international community.

— Sgt. Warren Krahenbil, Leader of the RCMP's Federal Cybercrime Investigative Team, explaining the critical role of civilian investigators in Operation Endgame.

Sgt. Warren Krahenbil of the RCMP's Federal Cybercrime Investigative Team in Vancouver detailed the operation, highlighting the crucial contribution of civilian experts. "One of our civilian experts came up with a way to decode pieces of the SocGholish code," Krahenbil said. "That sort of gave us a springboard to work forward and share with the international community."

The joint action involved law enforcement agencies from the Netherlands, the United States, and Germany. According to a statement from Dutch police, the operation led to the takedown of 106 servers and domains globally. Authorities remediated nearly 15,000 websites, cleaned infected WordPress sites, and notified victims of the group's activities.

The malware did infect a large number of WordPress websites, it's tailored to certain sites, though.

— Sgt. Warren Krahenbil, describing the scope and targeting of the SocGholish malware.

Authorities are advising WordPress website owners to take immediate security measures. These include changing login credentials, enabling multi-factor authentication, removing any unrecognized WordPress accounts, and ensuring their sites are kept up to date. The malware was believed to be used for both financial gain and intelligence gathering, with infected systems potentially allowing attackers to download additional malware and extract data.
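A triage script for the checks listed above, added here as an example; it is not code from Global News, the RCMP or the Dutch police, and the allowlist, host names, user export and page contents in it are constructed assumptions. It flags scripts loaded from hosts the site owner does not recognise and inline scripts that decode a payload at runtime (the generic shape of a script injection into a compromised site, not a published SocGholish signature), and lists administrator accounts that are not on the owner's expected list:

```python
"""Triage checks for a WordPress site suspected of serving injected JavaScript.

Added example, not code from the article, the RCMP, or the Dutch police. The
heuristics are generic traits of injected script loaders (scripts pulled from
unknown hosts, inline code that decodes a hidden payload at runtime), not
published SocGholish signatures. All sample data below is constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this site is known to load scripts from (assumed allowlist maintained
# by the site owner).
ALLOWED_SCRIPT_HOSTS = {"example-shop.test", "cdn.jsdelivr.net"}

# Inline-script traits typical of injected loaders: decoding a payload at run
# time, or writing a new <script> element into the page.
SUSPICIOUS_INLINE = re.compile(
    r"\beval\(|\batob\(|\bunescape\(|String\.fromCharCode|document\.write\("
    r"|createElement\(\s*['\"]script",
    re.IGNORECASE,
)
# One long run of base64-looking characters is another common hiding place.
LONG_OPAQUE_STRING = re.compile(r"[A-Za-z0-9+/=]{120,}")


class _ScriptCollector(HTMLParser):
    """Record external script sources and inline script bodies with line numbers."""

    def __init__(self):
        super().__init__()
        self.external = []  # (line, src)
        self.inline = []    # (line, body)
        self._inline_line = None
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        line = self.getpos()[0]
        src = dict(attrs).get("src")
        if src:
            self.external.append((line, src))
        else:
            self._inline_line, self._buf = line, []

    def handle_data(self, data):
        if self._inline_line is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._inline_line is not None:
            self.inline.append((self._inline_line, "".join(self._buf)))
            self._inline_line = None


def find_suspicious_scripts(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return findings for scripts loaded from unknown hosts or obfuscated inline code."""
    collector = _ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for line, src in collector.external:
        host = urlparse(src).netloc.split(":")[0].lower()  # empty for same-site paths
        if host and host not in allowed_hosts:
            findings.append({"line": line, "kind": "unknown-host", "detail": src})
    for line, body in collector.inline:
        if SUSPICIOUS_INLINE.search(body) or LONG_OPAQUE_STRING.search(body):
            findings.append({"line": line, "kind": "obfuscated-inline", "detail": body.strip()[:80]})
    return findings


def unrecognized_admins(users, expected_logins):
    """Return administrator logins the owner does not recognise (the 'remove
    unrecognized accounts' step). The user records are assumed to carry
    'user_login' and a list of 'roles', as a constructed export would."""
    return sorted(u["user_login"] for u in users
                  if "administrator" in u["roles"] and u["user_login"] not in expected_logins)


# Constructed sample page: two legitimate script tags, one from an unknown host,
# one inline loader that decodes and writes a payload, and one benign inline script.
SAMPLE_PAGE = """<html><head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/some-lib@1/dist/lib.min.js"></script>
<script src="//static-update-check.test/browser.js"></script>
<script>;(function(){var p=atob("ZG9jdW1lbnQud3JpdGUoIjxzY3JpcHQ+Iik7");document.write(unescape(p));})();</script>
<script>console.log("theme ready");</script>
</head><body><p>Welcome</p></body></html>"""

# Constructed user export: 'wp-support' is an administrator nobody created on purpose.
SAMPLE_USERS = [
    {"user_login": "alice", "roles": ["administrator"]},
    {"user_login": "wp-support", "roles": ["administrator"]},
    {"user_login": "bob", "roles": ["editor"]},
]

if __name__ == "__main__":
    for f in find_suspicious_scripts(SAMPLE_PAGE):
        print(f"line {f['line']}: {f['kind']}: {f['detail']}")
    print("unrecognised admins:", unrecognized_admins(SAMPLE_USERS, {"alice"}))
```

Run it against the rendered HTML of a few pages (fetched as a first-time visitor, since injected loaders often serve only to visitors who have not been seen before) and against a user export; a hit on either list is the point at which the advice above applies: rotate credentials, remove the account, restore the affected files from a known-good copy, and update the site.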

When you're infected with SocGholish, they have access and then they use that access to download additional malware to control the computer, to search the computer and extract data.

— Sgt. Warren Krahenbil, explaining how the SocGholish malware operates once a system is infected.
Originally published by Global News in English. Translated, summarized, and contextualized by the DistantNews editorial team with added local perspective.