Bottom Line: Investigators have shut down the SocGholish malware infrastructure operated by Evil Corp and cleaned thousands of infected websites.
International investigators have dismantled the botnet infrastructure of the SocGholish malware and cleaned approximately 15,000 infected WordPress blogs. The network was operated by the Russian cybercriminal group Evil Corp.
As part of Operation Endgame, international authorities took the SocGholish malware botnet infrastructure offline. The action included the cleanup of nearly 15,000 infected WordPress blogs, which served as a distribution channel and infrastructure for the network. The organization behind it was the Russia-based cybercriminal group Evil Corp.
SocGholish was a widespread infection mechanism through which attackers delivered additional malware such as ransomware or banking trojans to compromised systems. The use of compromised WordPress installations as a distribution platform enabled the operators to hijack legitimate-looking websites for their purposes. This made it significantly harder for users to identify the threat.
For CISOs, this action represents a temporary reduction of an established infection channel. However, the existence of 15,000 compromised WordPress instances demonstrates how widespread security vulnerabilities and weak configurations are in commonly used software. Reassessing the organization's own content management systems, patching regularly, and enforcing strong access controls remain critical, as Evil Corp or its successors could quickly rebuild similar infrastructure.
Source: borncity.com · Published June 20, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.