  • Police seize Netwire RAT malware infrastructure, arrest admin

    alf9872000

    • 346 views
    • 2 minutes

    An international law enforcement operation involving the FBI and police agencies worldwide led to the arrest of the suspected administrator of the NetWire remote access trojan and the seizure of the service’s web domain and hosting server.

     

    NetWire was a remote access trojan promoted as a legitimate remote administration tool to manage a Windows computer remotely.

     

    The service was sold via the website www.worldwiredlabs.com, where users could sign up for subscriptions for as little as $10 a month, which included support.

     

    However, since at least 2014, NetWire has been a tool of choice in various malicious activities, including phishing attacks, BEC campaigns, and breaches of corporate networks.

     


    NetWire plans promoted on the website

     

    Threat actors could use the NetWire RAT to remotely take screenshots, download and upload files, execute commands, or download further programs to execute on infected Windows computers.

    NetWire infrastructure seized by police

    Today, the U.S. Attorney's Office for the Central District of California announced that a seizure warrant was approved on March 3rd and executed in a coordinated international law enforcement operation on Tuesday to disrupt the NetWire service.

     

    This operation involved police from the FBI, the United States Attorney's Office for the Central District of California, the Croatia Ministry of the Interior Criminal Police Directorate, Zurich Cantonal Police, Europol, and the Australian Federal Police.

     

    As part of this operation, the FBI seized the worldwiredlabs.com domain used to promote the service, and police in Switzerland seized the server hosting the website.

     

    The website now displays a seizure message, stating, "This Website Has Been Seized as part of a coordinated law enforcement action taken against the NetWire Remote Access Trojan."

     


    Seizure message on the worldwiredlabs.com domain
    Source: BleepingComputer

     

    A Croatian national suspected to be the administrator of the NetWire website was also arrested on Tuesday in Croatia and will be prosecuted by local authorities.

     

    "By removing the Netwire RAT, the FBI has impacted the criminal cyber ecosystem," said Donald Alway, the Assistant Director in Charge of the FBI’s Los Angeles Field Office.

     

     "The global partnership that led to the arrest in Croatia also removed a popular tool used to hijack computers in order to perpetuate global fraud, data breaches and network intrusions by threat groups and cyber criminals."

     

    Source

