Signal

Law enforcement disrupts SocGholish malware network linked to Evil Corp

Published 2026-06-19 06:46 UTC · Updated 2026-06-19 17:38 UTC
cve · exploits · malware · threat_actors · incident_response · security_policy
Evidence trail (top sources)
Top sources (4 domains). Domains are deduped; counts indicate coverage, not truth.
4 top sources shown
Cybercrime Initial Access Service SocGholish Disrupted
BankInfoSecurity · News · bankinfosecurity.com · 2026-06-19 17:38 UTC
Nearly 15,000 infected websites cleaned in SocGholish crackdown
Malwarebytes Threat Analysis · News · malwarebytes.com · 2026-06-19 16:05 UTC
Police raid malware network tied to Russia's Evil Corp hacker group
The Record (Recorded Future News) · News · therecord.media · 2026-06-19 12:57 UTC
Overview

An international law enforcement operation called Operation Endgame successfully dismantled the SocGholish malware infrastructure, linked to the Russian cybercrime group Evil Corp.

Entities
Evil Corp · SocGholish
Score total: 1.4
Momentum 24h: 5
Posts: 5
Origins: 5
Source types: 1
Duplicate ratio: 0%
Why now
  • Operation Endgame represents a rare, coordinated international law enforcement success against a persistent malware network.
  • SocGholish has been active for nearly a decade, making this disruption a significant milestone.
  • The cleanup of infected WordPress sites immediately reduces ongoing malware distribution risks.
Why it matters
  • Disrupting SocGholish cuts off a major initial access vector for ransomware and malware campaigns.
  • Cleaning nearly 15,000 legitimate websites protects millions of users from malware infections.
  • The takedown weakens Evil Corp’s infrastructure, a notorious Russian cybercrime group involved in global attacks.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: medium
Recurring claims
  • SocGholish malware abused hacked WordPress sites to push fake software updates leading to malware installation.
  • Operation Endgame seized 106 SocGholish servers and cleaned nearly 15,000 infected WordPress sites.
  • SocGholish is linked to the Russian cybercrime group Evil Corp, known for ransomware and banking malware.
How sources frame it
  • BankInfoSecurity: neutral
All evidence
Cybercrime Initial Access Service SocGholish Disrupted
BankInfoSecurity · bankinfosecurity.com · 2026-06-19 17:38 UTC
Nearly 15,000 infected websites cleaned in SocGholish crackdown
Malwarebytes Threat Analysis · malwarebytes.com · 2026-06-19 16:05 UTC
Police raid malware network tied to Russia's Evil Corp hacker group
The Record (Recorded Future News) · therecord.media · 2026-06-19 12:57 UTC
Operation Endgame Disrupts Malware Network Linked to Major Ransomware Gang
Infosecurity Magazine · infosecurity-magazine.com · 2026-06-19 10:15 UTC
15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown
SecurityWeek · securityweek.com · 2026-06-19 06:46 UTC
Posts loaded: 0 · Publishers: 5 · Origin domains: 5 · Duplicates: -
Top publishers (this list)
  • BankInfoSecurity (1)
  • Malwarebytes Threat Analysis (1)
  • The Record (Recorded Future News) (1)
  • Infosecurity Magazine (1)
  • SecurityWeek (1)
Top origin domains (this list)
  • bankinfosecurity.com (1)
  • malwarebytes.com (1)
  • therecord.media (1)
  • infosecurity-magazine.com (1)
  • securityweek.com (1)