
Authorities dismantle SocGholish botnet linked to Evil Corp, cleaning nearly 15,000 infected WordPress sites


Published 2026-06-18 13:25 UTC · Updated 2026-06-19 16:05 UTC
Evidence trail (top sources)
Top sources (4 domains). Domains are deduped; counts indicate coverage, not truth.
Nearly 15,000 infected websites cleaned in SocGholish crackdown
Malwarebytes Threat Analysis · News · malwarebytes.com · 2026-06-19 16:05 UTC
Police raid malware network tied to Russia's Evil Corp hacker group
The Record (Recorded Future News) · News · therecord.media · 2026-06-19 12:57 UTC
Overview

A coordinated international law enforcement operation, dubbed Operation Endgame, successfully disrupted the SocGholish malware network associated with the Russian cybercrime group Evil Corp.

Entities
Evil Corp, SocGholish, Operation Endgame
Score total: 1.59
Momentum 24h: 6
Posts: 6
Origins: 6
Source types: 1
Duplicate ratio: 0%
Why now
  • Operation Endgame just concluded with the seizure of infrastructure and cleanup of infected sites.
  • SocGholish has been active since 2017, making this a significant disruption of a persistent threat.
  • The takedown protects everyday businesses and users from ongoing malware infections and exploitation.
Why it matters
  • Disrupts a long-running malware operation that compromised thousands of legitimate websites.
  • Reduces risk of ransomware and espionage attacks facilitated by SocGholish.
  • Demonstrates successful multinational law enforcement cooperation in cybersecurity.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: high
Recurring claims
  • SocGholish malware has infected nearly 15,000 WordPress websites worldwide.
  • Operation Endgame involved seizing 106 servers and domains controlling the SocGholish botnet.
  • SocGholish is linked to the Russian cybercrime group Evil Corp and used for ransomware and espionage campaigns.
How sources frame it
  • FBI Cyber Division Statement: neutral
This coordinated takedown highlights the effectiveness of international collaboration against persistent malware operations linked to major cybercrime groups.
All evidence
Nearly 15,000 infected websites cleaned in SocGholish crackdown
Malwarebytes Threat Analysis · malwarebytes.com · 2026-06-19 16:05 UTC
Police raid malware network tied to Russia's Evil Corp hacker group
The Record (Recorded Future News) · therecord.media · 2026-06-19 12:57 UTC
Operation Endgame Disrupts Malware Network Linked to Major Ransomware Gang
Infosecurity Magazine · infosecurity-magazine.com · 2026-06-19 10:15 UTC
15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown
SecurityWeek · securityweek.com · 2026-06-19 06:46 UTC
Authorities disrupt Evil Corp’s SocGholish botnet
CyberScoop · cyberscoop.com · 2026-06-18 22:03 UTC
Law enforcement disrupts SocGholish botnet and Evil Corp servers
SC Media · scworld.com · 2026-06-18 21:47 UTC
Top publishers (this list)
  • Malwarebytes Threat Analysis (1)
  • The Record (Recorded Future News) (1)
  • Infosecurity Magazine (1)
  • SecurityWeek (1)
  • CyberScoop (1)
  • SC Media (1)
Top origin domains (this list)
  • malwarebytes.com (1)
  • therecord.media (1)
  • infosecurity-magazine.com (1)
  • securityweek.com (1)
  • cyberscoop.com (1)
  • scworld.com (1)