NetWire malware has been utilized by various cybercrime groups, but its most notable use occurred in February 2022 when the ModifiedElephant APT group used the malware to plant incriminating evidence on victims’ devices.
In a joint operation between the US Federal Bureau of Investigation (FBI), the European Union Agency for Law Enforcement Cooperation (Europol), and other international law enforcement agencies, the internet domain used to sell NetWire malware has been seized.
NetWire is a powerful tool used by cybercriminals to gain unauthorized access to computer systems and control them remotely. NetWire was used extensively in several cyberattacks, including attacks on the aviation and defence sectors in February 2022, on thousands of global oil and gas and energy firms in August 2017, and on the aerospace and travel sectors in May 2021.
In addition, NetWire was utilized in a malicious campaign last year by the ModifiedElephant APT to plant incriminating evidence on victims’ devices. The activities of this APT group are closely aligned with “Indian state interests.”
According to a press release from the US Attorney’s Office for the Central District of California, the seizure was part of an ongoing investigation into the sale and distribution of NetWire malware. The domain, which had been in operation since 2012, sold the malware to buyers worldwide, including individuals in the United States for their own criminal ends.
The operation to seize the domain involved the coordinated efforts of law enforcement agencies from around the world. The FBI worked with Europol, Croatia, Switzerland, and other partners to identify and track down the individuals responsible for the sale and distribution of NetWire.
The operation resulted in the seizure of the domain and the arrest of a suspect whose name has not been released by US or Croatian authorities.
NetWire malware is a type of remote access Trojan (RAT) that cybercriminals often use to gain access to a victim’s computer. Once installed, the malware allows the attacker to remotely control the computer, access sensitive information, and carry out a range of malicious activities.
The seizure of the NetWire domain is a significant development in the fight against cybercrime. It demonstrates the effectiveness of international cooperation in tackling online threats and highlights the commitment of law enforcement agencies worldwide to combat cybercrime.
“By removing the NetWire RAT, the FBI has impacted the criminal cyber ecosystem,” Donald Alway, the assistant director in charge of the FBI’s Los Angeles field office, said in a statement.
“The global partnership that led to the arrest in Croatia also removed a popular tool used to hijack computers in order to perpetuate global fraud, data breaches and network intrusions by threat groups and cyber criminals,” Alway added.
This victory serves as a reminder that the fight against malware is far from over because cybercriminals are constantly developing new tools and techniques to evade detection. It is therefore essential that individuals and organizations take steps to protect themselves against cyberattacks by implementing strong security measures, such as using anti-virus software and keeping their systems up to date with the latest security patches.