Dutch law enforcement and international partners disrupted SocGholish infrastructure, took down 106 servers, and cleaned nearly 15,000 infected WordPress sites in Operation Endgame. The campaign targeted a wide range of industries and used compromised websites, domain shadowing, and traffic filtering to deliver follow-on payloads. #SocGholish #FakeUpdates #OperationEndgame #TA569 #TA2726
Keypoints
- Authorities disrupted infrastructure linked to SocGholish.
- 106 servers were taken down and 14,971 WordPress sites were cleaned.
- Website owners were told to update CMS software and reset credentials.
- SocGholish, also known as FakeUpdates, has been active since 2017.
- The malware is used by multiple threat actors to deliver additional payloads.
Read More: https://thehackernews.com/2026/06/operation-endgame-disrupts-socgholish.html