An international law enforcement operation dismantled major parts of the SocGholish botnet linked to Evil Corp, seizing domains, taking down servers, and disinfecting nearly 15,000 compromised websites. The campaign targeted fake update infections spread through legitimate sites and disrupted an initial access platform used to support ransomware and espionage activity. #EvilCorp #SocGholish #FakeUpdates #Dridex #DoppelPaymer #WastedLocker #Hades #LockBit #RansomHub
Keypoints
- Authorities took down more than 100 servers used by the SocGholish botnet.
- Nearly 15,000 hacked websites were disinfected in the operation.
- SocGholish spreads through fake browser or software update prompts on legitimate websites.
- The malware gives attackers an initial foothold for ransomware and espionage campaigns.
- Evil Corp and several ransomware groups have been linked to SocGholish activity.
Read More: https://therecord.media/socgholish-botnet-disrupted