Categories: Canada

Civilians behind international police probe into Russian cybercriminals – National


An RCMP sergeant says civilian cybercrime investigators were instrumental in helping the Mounties and international partners deal a blow to cybercriminals trying to infect WordPress websites.

Sgt. Warren Krahenbil, leader of the RCMP’s Federal Cybercrime Investigative Team in Vancouver, outlined Operation Endgame in an interview with Global News on Sunday.

The operation targeted SocGholish malware – linked to the Russian cybercriminal group Evil Corp. Investigators say the group exploited thousands of WordPress sites to gain unauthorized access to computer systems.

“The malware did infect a large number of WordPress websites,” Krahenbil said, “it’s tailored to certain sites, though.”

The Mounties teamed up with counterparts in the Netherlands, the United States and Germany on the joint action, according to a media statement.

Story continues below advertisement

A notice from the Dutch police said agencies took down 106 servers and domains worldwide, remediated almost 15,000 websites, cleaned infected WordPress sites and notified the group’s victims.

Get daily National news

Get daily Canada news delivered to your inbox so you’ll never miss the day’s top stories.

“One of our civilian experts came up with a way to decode pieces of the SocGholish code and that sort of gave us a ‘springboard’ to work forward and share with the international community,” Krahenbil said.

Owners of WordPress websites are being urged to change their credentials, enable multi-factor authentication, delete any unknown WordPress accounts and keep their site up to date, he said.

People are warned to never trust pop-ups that appear in browsers or flashy update notices that urge immediate action to prevent a potential SocGholish malware infection.


Anyone who does not use WordPress should still take precautions “like you would every day on the internet,” Krahenbil said. This includes using antivirus software, keeping track of passwords, and using a password manager if possible.

“If you’re not using WordPress, you should be OK,” he said. “But also be aware of what you click on online. Make sure that every link that you follow is the link that you’re going to.”

It’s believed SocGholish was using its malware to both obtain money and intelligence.

“When you’re infected with SocGholish, they have access and then they use that access to download additional malware to control the computer, to search the computer and extract data,” Krahenbil added.

Story continues below advertisement

with files from The Canadian Press

&copy 2026 Global News, a division of Corus Entertainment Inc.



Source link

admin2

Share
Published by
admin2

Recent Posts

Review of Last Week’s Flows

The U.S. fixed income market experienced a resurgence in investor attention last week, reaching levels…

56 minutes ago

France vs Spain LIVE: FIFA World Cup 2026 semifinal

Live coverage and text updates as France play Spain in a semifinal clash between the…

1 hour ago

Ontarians buying new phones may be targeted in scheme: OPP

Descrease article font size Increase article font size Ontario Provincial Police are warning people who…

1 hour ago

Dogecoin Traders Watch Moving Averages As DOGE Tries To Build A Cleaner Rebound

Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure Dogecoin is…

1 hour ago

Bangkok music bar fire death toll rises to 30, dozens remain hospitalized – National

The death toll from a huge fire in a Bangkok music bar has increased to…

4 hours ago

Visualizing Annual MLP Distribution Growth

Reliable distribution growth remains one of the most important tailwinds for midstream MLPs. After all,…

6 hours ago