RCMP say they have disrupted malware linked to Russian cybercrime group

The RCMP says it has helped international law enforcement partners disrupt a malware network linked to a Russian cybercriminal group.

The action was part of Operation Endgame, a global cybercrime operation involving police agencies from Canada, the Netherlands, the United States and Germany.

The RCMP is Canada’s national representative on Operation Endgame, while the Federal Policing Pacific Region Cybercrime Investigation Team in Vancouver is the Canadian lead on the project.

Police say the operation targeted SocGholish, a malware framework linked to Evil Corp, a Russian cybercriminal group.

SocGholish tricks users into downloading malicious files by disguising them as legitimate computer updates.

Investigators found the malware exploited thousands of WordPress sites to spread to visitors, with the goal of gaining unauthorized access to computer systems and data.

Photo credit: RCMP/123RF

“International law enforcement partnerships are essential in addressing cyber threats because they are complex and global in nature,” said Insp. Kurt Bedford of the Federal Policing Pacific Region cyber and financial investigation teams.

“Through collaboration with our international partners, we share intelligence, expertise, and best practices to disrupt cyber threats which transcend all borders.”

Bedford said SocGholish has affected all levels of Canadian society, including critical infrastructure, education and government.

“All compromised Canadian entities have been notified through Operation Endgame today,” he added.

Working with information from Dutch police, RCMP investigators in Vancouver developed a technique to interrupt the SocGholish malware.

The RCMP says that technique was further refined with international partners and used in a mass disinfection of 2,488 computers worldwide.

Police say another 14,971 websites were actioned during the operation.

The technique is also expected to prevent the sites from being reinfected with SocGholish.

RCMP are urging WordPress site owners to change their login credentials, enable multi-factor authentication, delete any unknown WordPress accounts and keep their sites updated.

Operation Endgame is an ongoing joint-forces cybercrime operation involving law enforcement agencies from Denmark, the Netherlands, Germany, France, the United Kingdom, Belgium, Australia, the United States and Canada, with support from Europol and Eurojust.


