📣🚨 #OperationEndgame disrupts TA569’s SocGholish malware infrastructure, with law enforcement taking down 100+ C2 servers and cleaning 15,000 hacked sites.
Read: https://hackread.com/operation-endgame-disrupts-socgholish-malware/
#SocGholish #Malware #Cybersecurity #CyberCrime #Ransomware #TA569
🔥 Operation Endgame is back! This latest operation targets #SocGholish (FakeUpdates) malware, used by the notorious criminal group: Evil Corp. It's another major international effort that’s taken down 106 servers and domains, with 14,971 infected WordPress websites remediated.
Excellent work by all partners involved!! 👏 👏
🔧 REMEDIATION: As with previous phases of #OperationEndgame, Spamhaus is proud to support remediation efforts. Website owners affected by this operation will be contacted with guidance on the next steps.
➡️ Dutch National Police press release: https://www.politie.nl/en/news/2026/juni/18/11-international-law-enforcement-initiate-hunt-on-malware-group-socgholish.html
➡️ Operation Endgame: https://operation-endgame.com
#CyberSecurity #ThreatIntelligence #SocGholish #FakeUpdates #Malware #EvilCorp #OperationEndgame
In Operation Endgame, a major operation this week disrupted a key infection chain used by cybercriminals. Within an international cooperation, 14.971 websites infected with SocGholish malware were remediated. This malware is used by a criminal group that plays a pivotal role in international cybercrime, namely: Evil Corp.
#SocGholish, the “FakeUpdates” web injects framework linked to major ransomware events, has been disrupted by #OperationEndgame
❌ 100 servers and domains worldwide dismantled
❌ 14,971 websites remediated
The action, which took place in June 2026, involved law enforcement agencies in the Netherlands (NHCTU), Canada (RCMP), the United States (FBI), and Germany (BKA).
Our researchers have tracked SocGholish and its operator #TA569 — one of the most prominent cybercriminals in our threat data — since 2018. We were proud to contribute our unique insights to this initiative.
Learn more about SocGholish, TA569, the impact this #takedown will have on the threat landscape, and what website owners can do to protect themselves: https://www.proofpoint.com/us/blog/threat-insight/sayonara-socgholish-operation-endgame-disrupts-major-cybercrime-operation?utm_source=twitter&utm_medium=social_organic
A major phase of "Operation Endgame" concluded, with international law enforcement cleaning nearly 15,000 SocGholish-infected WordPress sites and taking 106 servers offline. This action directly disrupts Evil Corp's initial access for ransomware, but experts warn that the highly adaptable group will likely rebuild and refine their tactics, underscoring the ongoing challenge in cybersecurity.
#cybersecurity #socgholish #evilcorp
🤖 This post was AI-generated.
New #SocGholish C2:
hXXps://files.smartpcai[.]com/Xgd37BKqtSdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw==
files.smartpcai[.]com
66[.]42.90.185
AS20473 The Constant Company, LLC
New #SocGholish C2:
hXXps://dl.erickillorinphotostore[.]com/Xgd37BKqtSdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw==
dl.erickillorinphotostore[.]com
45[.]41.187.5
AS22653 Cyber Wurx LLC
New #SocGholish C2:
hXXps://js-new.newtoyourgame[.]com/Xgd37BKqtSdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw==
js-new.newtoyourgame[.]com
66[.]42.92.122
AS20473 The Constant Company, LLC
New #SocGholish C2:
hXXps://api-v2.novationseo[.]com/Xgd37BKqtSdK7BK3uIzjYIr5uSbB1ol3tSdD7BKqkw==
api-v2.novationseo[.]com
155[.]138.194.157
AS20473 The Constant Company, LLC
New #SocGholish C2:
hXXps://cpanel.clinchstar[.]com/Xgd37BKqtSdK7BK3yoGM1crMtcTgHg7D7cs3eBWT
cpanel.clinchstar[.]com
89[.]117.0.198
AS46475 Limestone Networks, Inc.
Hackread.com
The Spamhaus Project
Threat Insight
Daniel Marsh
Gi7w0rm
Monitor SG