LAW ENFORCEMENT TAKES DOWN 15,000 SOCGHOLISH-INFECTED SITES

The coordinated operation targeted the SocGholish botnet, a malware distribution network primarily used for credential theft and ransomware deployment. Evil Corp, also known as WIZARD SPIDER, has been linked to major ransomware campaigns affecting critical infrastructure and businesses worldwide. Authorities cleaned the compromised WordPress installations and seized infrastructure used to command and control the botnet. The takedown represents a significant disruption to one of Russia's most active cybercriminal operations. Evil Corp has been sanctioned by the U.S. Treasury Department and is known for developing the Dridex banking trojan and operating the Conti ransomware-as-a-service platform. The group has targeted healthcare systems, financial institutions, and government agencies across multiple countries. The operation involved law enforcement from multiple nations and coordination with hosting providers to identify and remediate infected systems.