The RCMP says a major international operation has disrupted a Russian-linked cybercrime network responsible for infecting thousands of websites and computers worldwide.
The enforcement action, which was dubbed Operation Endgame and involved police agencies from Canada, the Netherlands, Germany and the United States, targeted a malware framework known as SocGholish.
Authorities say SocGholish is linked to the Russian cybercriminal group Evil Corp and tricks users into downloading malicious files disguised as legitimate computer updates.
The Pacific Region RCMP’s cybercrime team says the malware was spread through thousands of compromised WordPress sites, which allowed criminals to gain access to victims’ computer systems and personal data.
“SocGholish has had an impact on all levels of Canadian society, from critical infrastructure, education, government and more,” said Insp. Kurt Bedford with the Vancouver-based team that led Canada’s contribution to the operation, in a statement Thursday.
“All compromised Canadian entities have been notified through Operation Endgame today,” he added.
Mounties say information provided by Dutch police enabled Canadian investigators to develop a technique to disrupt the malware and disinfect a total of 2,488 computers worldwide.
The operation also targeted 14,971 compromised websites, and officials say the technique will help prevent future SocGholish infections.
The RCMP is urging WordPress users to beef up security by changing login credentials, enabling multi-factor authentication and deleting any unused WordPress accounts.
A statement from Dutch national police says Evil Corp, the Russian-linked cybercrime network, is responsible for previous malware attacks known as Zeus and Dridex, and is associated with global ransomware and money-laundering efforts.


