Operation Endgame international cybercrime disruption initiative
Public Sector Action
Summary
Hide ▲
Show ▼
Operation Endgame is an ongoing international law enforcement initiative that now includes the takedown of SocGholish infrastructure, expanding disruption of botnets and criminal infrastructure used for malware delivery. The operation has already removed 106 servers and cleaned 14,971 WordPress sites, reducing abuse paths used to spread follow-on payloads. Launched in 2024, the initiative keeps pressure on the infrastructure that supports large-scale cybercrime.
Related Happenings
Operation Endgame takedown of SocGholish and Evil Corp infrastructure
Law Enforcement
H score58
First: 18.06.2026 16:25
Last: 18.06.2026 16:25
Sources 1
How related:
Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites.
About this happening:
**International law enforcement** disrupted **SocGholish/FakeUpdates** infrastructure in **Operation Endgame** on **June 18**, cleaning **14,971 compromised WordPress websites** a...
Operation Endgame takedown of SocGholish and Evil Corp infrastructure
Law EnforcementHow related: Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites.
About this happening: **International law enforcement** disrupted **SocGholish/FakeUpdates** infrastructure in **Operation Endgame** on **June 18**, cleaning **14,971 compromised WordPress websites** a...
SocGholish malware downloader hijacking WordPress sites
Malware Activity
H score57
First: 18.06.2026 16:25
Last: 18.06.2026 16:25
Sources 1
How related:
Active since 2017 and also known as FakeUpdates, SocGholish is a JavaScript (JS)-based downloader malware that typically serves as a conduit for next-stage malware from various threat actors like Evil Corp (aka DEV-0243, Indrik Spider, and UNC2165), LockBit, RansomHub, Dridex, and Raspberry Robin (aka Roshtyak).
About this happening:
**SocGholish** is a long-running **JavaScript-based malware downloader** also tracked as **FakeUpdates** that hijacks **compromised WordPress sites** to push **fake browser update...
SocGholish malware downloader hijacking WordPress sites
Malware ActivityHow related: Active since 2017 and also known as FakeUpdates, SocGholish is a JavaScript (JS)-based downloader malware that typically serves as a conduit for next-stage malware from various threat actors like Evil Corp (aka DEV-0243, Indrik Spider, and UNC2165), LockBit, RansomHub, Dridex, and Raspberry Robin (aka Roshtyak).
About this happening: **SocGholish** is a long-running **JavaScript-based malware downloader** also tracked as **FakeUpdates** that hijacks **compromised WordPress sites** to push **fake browser update...
BlueNoroff spear-phishing campaign uses typosquatted Zoom, Teams, and Calendly lures against crypto firms
Campaign
H score33
First: 11.02.2026 00:17
Last: 11.02.2026 00:17
Sources 1
About this happening:
**BlueNoroff**, a **North Korea-linked Lazarus Group** subgroup, ran a **large-scale spear-phishing campaign** against **100+ cryptocurrency organizations** in **20+ countries** b...
BlueNoroff spear-phishing campaign uses typosquatted Zoom, Teams, and Calendly lures against crypto firms
CampaignAbout this happening: **BlueNoroff**, a **North Korea-linked Lazarus Group** subgroup, ran a **large-scale spear-phishing campaign** against **100+ cryptocurrency organizations** in **20+ countries** b...
Operation Endgame takedown of Rhadamanthys, Venom RAT, and Elysium
Law Enforcement
H score46
First: 13.11.2025 13:16
Last: 13.11.2025 13:16
Sources 1
About this happening:
Authorities **arrested** the main **Venom RAT** suspect in **Greece** and disrupted **Rhadamanthys Stealer**, **Venom RAT**, and the **Elysium botnet** during **Operation Endgame*...
Operation Endgame takedown of Rhadamanthys, Venom RAT, and Elysium
Law EnforcementAbout this happening: Authorities **arrested** the main **Venom RAT** suspect in **Greece** and disrupted **Rhadamanthys Stealer**, **Venom RAT**, and the **Elysium botnet** during **Operation Endgame*...
Operation Endgame takedown of Rhadamanthys, VenomRAT, and Elysium
Law Enforcement
H score57
First: 13.11.2025 12:53
Last: 13.11.2025 12:53
Sources 1
About this happening:
Law enforcement from **nine countries** **seized** domains and took down **over 1,000 servers** tied to **Rhadamanthys**, **VenomRAT**, and **Elysium**, disrupting a major **cyber...
Operation Endgame takedown of Rhadamanthys, VenomRAT, and Elysium
Law EnforcementAbout this happening: Law enforcement from **nine countries** **seized** domains and took down **over 1,000 servers** tied to **Rhadamanthys**, **VenomRAT**, and **Elysium**, disrupting a major **cyber...
Timeline
-
19.06.2026 18:07 2 articles · 2h ago
Dutch law enforcement disrupts SocGholish infrastructure under Operation Endgame
Campaign Scope UpdateDutch law enforcement authorities, with partners in Canada, Germany, and the U.S., disrupted SocGholish/FakeUpdates infrastructure under Operation Endgame and removed infections from 14,971 WordPress sites. The effort took down 106 servers linked to SocGholish and directed website owners to update their CMS, change credentials, and delete suspicious accounts to reduce further malware spread.
Show sources
- Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites — thehackernews.com — 19.06.2026 18:07
- Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites — thehackernews.com — 19.06.2026 18:07