{"id":275659,"date":"2026-06-18T18:05:00","date_gmt":"2026-06-18T22:05:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/18\/authorities-disrupt-evil-corps-socgholish-botnet\/"},"modified":"2026-06-19T04:20:23","modified_gmt":"2026-06-19T08:20:23","slug":"authorities-disrupt-evil-corps-socgholish-botnet","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/18\/authorities-disrupt-evil-corps-socgholish-botnet\/","title":{"rendered":"Authorities disrupt Evil Corp\u2019s SocGholish botnet"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/socgholish-malware-botnet-takedown-evilcorp\/\">Authorities disrupt Evil Corp\u2019s SocGholish botnet<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/socgholish-malware-botnet-takedown-evilcorp\/\">https:\/\/cyberscoop.com\/socgholish-malware-botnet-takedown-evilcorp\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-18 18:05:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>Authorities on Thursday disrupted a botnet, a malware framework and seized infrastructure that Evil Corp and other cybercrime groups used to steal data and break into various networks.<\/p>\n<p>The globally coordinated effort targeted SocGholish, multi-stage malware that has compromised websites, redirected users to traffic distribution systems (TDS) and slipped malware into their networks since 2017.<\/p>\n<p>\u201cThe malware establishes an initial foothold into victim computers, collectively known as a botnet, and is then used by threat actors for further targeting with ransomware campaigns and espionage,\u201d the FBI\u2019s cyber division said in a statement.\u00a0<\/p>\n<p>Cybersecurity firms, researchers and officials from the United States, Canada, Germany, the Netherlands and Europol took down 106 servers and remediated nearly 15,000 sites that were infected with the malware. Officials also disabled the botnet and notified victims.<\/p>\n<p>Sites infected with SocGholish, which are primarily hosted on WordPress, were widespread and provided everyday services including restaurants and auto repair shops, according to the Dutch National Police.\u00a0<\/p>\n<p>The botnet, also known as \u201cFakeUpdates,\u201d is linked to the Russian cybercrime group Evil Corp. It also provided initial access to other ransomware variants, including DoppelPaymer, WastedLoocker, Hades Ransomware, LockBit, RansomHub and others, according to Infoblox, which participated in the takedown.\u00a0<\/p>\n<p>Proofpoint, which also participated in the disruption, described Evil Corp as one of the most prominent cybercrime groups in operation and the \u201cgrandfather\u201d of a threat type that compromises websites and uses TDS to redirect users to malware.<\/p>\n<p>Following the takedown, the FBI issued a public service announcement warning about cybercriminals using TDS to break into victim networks for ransomware or other financial scams.\u00a0<\/p>\n<p>Cybercriminals redirect traffic from sites to bypass firewalls, obscure their activity, identify&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/socgholish-malware-botnet-takedown-evilcorp\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Authorities disrupt Evil Corp\u2019s SocGholish botnet https:\/\/cyberscoop.com\/socgholish-malware-botnet-takedown-evilcorp\/ Publish Date: 2026-06-18 18:05:00 Source Domain: cyberscoop.com Authorities&#8230;<\/p>\n","protected":false},"author":1,"featured_media":275661,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2018\/01\/botnet_blue.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32],"class_list":["post-275659","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275659"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=275659"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275659\/revisions"}],"predecessor-version":[{"id":275662,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275659\/revisions\/275662"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/275661"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=275659"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=275659"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=275659"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}