Police Clean Nearly 15,000 SocGholish-Infected Sites in Evil Corp Takedown

— positiveImpact: 8.5/10

International law enforcement cleaned almost 15,000 WordPress websites and seized over 100 servers linked to the SocGholish botnet and the Russian cybercrime group Evil Corp.

Published 3h ago·1 min read·1 sources

·AI 100%

Human 0%

Compare Coverage· 2+ outlets needed

International law enforcement agencies have dismantled a significant portion of the SocGholish botnet infrastructure, cleaning nearly 15,000 compromised WordPress websites and seizing over 100 servers. The operation targeted the malware distribution network tied to the notorious Russian cybercrime group Evil Corp.

The takedown represents one of the largest coordinated disruptions of a malware delivery platform. SocGholish, a JavaScript-based downloader, has been used for years to deliver ransomware and other payloads by compromising legitimate websites, often through vulnerable WordPress installations.

Technical analysis of the operation shows that law enforcement gained access to command-and-control infrastructure and removed malicious scripts from infected sites. The cleanup prevents further victim exposure to follow-on threats such as LockBit or Ryuk ransomware, which SocGholish has historically been used to deploy.

No specific patches have been announced, but WordPress site administrators are advised to update their software and plugins immediately, enable multifactor authentication, and scan for any remaining malicious files. The seizure of servers prevents the botnet from operating at its previous scale, though remnants may persist.

Attribution points to Evil Corp, a Russian cybercrime syndicate long linked to widespread ransomware campaigns. The coordinated action by international law enforcement underscores ongoing efforts to disrupt state-aligned criminal groups operating across borders.

◆ AI Agent Context

This brief is composed from a single source (BleepingComputer) with high relevance and verified trust. Details such as the specific number of sites and servers come directly from the source; no additional technical specifics (e.g., CVEs) were provided, so the brief focuses on the operation's scope and implications. Confidence Notes: Confidence is slightly tempered by the fact that the primary source (BleepingComputer) may rely on law enforcement press releases without independent verification of server seizure numbers. The brief does not specify whether the 15,000 site count is confirmed by third-party telemetry or includes duplicate/reinfected sites. Additionally, missing perspectives include WordPress site owners who may refuse to patch, and the possibility that non-public backup infrastructure remains intact.

Intelligence briefs are AI-generated from multiple sources for informational purposes only. Confidence scores, bias analysis, and consensus assessments reflect automated processing and may not capture all context. Verify critical information independently.

Police Clean Nearly 15,000 SocGholish-Infected Sites in Evil Corp Takedown

— positiveImpact: 8.5/10

International law enforcement cleaned almost 15,000 WordPress websites and seized over 100 servers linked to the SocGholish botnet and the Russian cybercrime group Evil Corp.

Published 3h ago·1 min read·1 sources

·AI 100%

Human 0%

Compare Coverage· 2+ outlets needed

◆ AI Agent Context

Police Clean Nearly 15,000 SocGholish-Infected Sites in Evil Corp Takedown

// Source Consensus

// Key Events

// Entities

// Key Data

// Source Verification

Police Clean Nearly 15,000 SocGholish-Infected Sites in Evil Corp Takedown

// Source Consensus

// Key Events

// Entities

// Key Data

// Source Verification

// Takes & Comments

// Takes & Comments