Operation Endgame takedown of SocGholish and Evil Corp infrastructure
Law Enforcement
Summary
International law enforcement cleaned 14,971 WordPress sites and took 106 servers and domains offline in a coordinated takedown of SocGholish infrastructure linked to Evil Corp. The action disrupted a long-running malware infection chain used to hijack legitimate sites and deliver malicious payloads. It reduced cybercriminals' access to compromised systems belonging to citizens, businesses, and organizations worldwide. The operation is part of Operation Endgame and signals further action against the same infrastructure.
Related Happenings
SocGholish malware downloader hijacking WordPress sites
Malware Activity
H score: 53
First: 18.06.2026 16:25
Last: 18.06.2026 16:25
Sources 1
How related:
The SocGholish JavaScript-based malware downloader (also tracked as FakeUpdates and GhoLoader) has been used in attacks since at least 2017, and it works by hijacking legitimate websites (primarily WordPress sites) and tricking visitors into downloading malicious payloads, commonly disguised as fake browser updates.
About this happening:
SocGholish is a long-running **JavaScript-based malware downloader** that hijacks **legitimate WordPress sites** to push **fake browser updates**, creating a persistent path for v...
FBI takedown of Outsider Enterprise phishing service
Law Enforcement
H score: 63
First: 14.06.2026 17:36
Last: 14.06.2026 17:36
Sources 1
About this happening:
The **FBI** and partners **dismantled** **Outsider Enterprise**, a **phishing-as-a-service** operation tied to **thousands of phishing websites** and large-scale credential theft....
Operation PowerOff DDoS-for-hire takedown
Law Enforcement
H score: 50
First: 17.04.2026 09:40
Last: 17.04.2026 09:40
Sources 1
About this happening:
Europol and partners in 21 countries carried out Operation PowerOff, disrupting a DDoS-for-hire/booter-service ecosystem. The coordinated action took down 53 domains, seized infra...
Latest development: 17.04.2026 14:30
Europol-led Operation PowerOff involved police and cybersecurity agencies from 21 countries and disrupted DDoS-for-hire infrastructure by taking down 53 domains, seizing databases linked to over three million criminal user accounts, removing over 100 advertising URLs, and arresting four people suspected of providing DDoS-for-hire services.
Operation PowerOFF DDoS-for-hire arrests and takedowns
Law Enforcement
H score: 57
First: 17.04.2026 01:26
Last: 17.04.2026 01:26
Sources 1
About this happening:
Authorities participating in Operation PowerOFF disrupted DDoS-for-hire and booter infrastructure across 21 countries, arresting four suspects and taking 53 domains offline. The a...
Latest development: 17.04.2026 14:30
Europol-led Operation PowerOff involved police and cybersecurity agencies from 21 countries and disrupted DDoS-for-hire infrastructure by taking down 53 domains, seizing databases linked to over three million criminal user accounts, removing over 100 advertising URLs, and arresting four people suspected of providing DDoS-for-hire services.
APT28 FrostArmada DNS hijacking and AitM credential theft campaign
Campaign
H score: 45
First: 07.04.2026 18:51
Last: 07.04.2026 18:51
Sources 1
About this happening:
A multinational disruption effort has taken down **FrostArmada**, an **APT28** campaign that hijacked router DNS settings to steal **Microsoft account credentials** and OAuth toke...
Timeline
- 18.06.2026 16:25 · 2 articles · 1h ago
International law enforcement takes down SocGholish infrastructure linked to Evil Corp
Legal Policy Action Update
International law enforcement agencies cleaned 14,971 compromised WordPress websites and took 106 servers and domains offline in Operation Endgame, disrupting a SocGholish infection chain linked to Evil Corp. Authorities from the Netherlands (NHCTU), Canada (RCMP), the United States (FBI), and Germany (BKA) carried out the action, and Dutch police told website owners to change credentials, enable multi-factor authentication, delete unknown WordPress accounts, and keep WordPress up to date.
- Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp — www.bleepingcomputer.com — 18.06.2026 16:25