Netwire RAT Malware Infrastructure Seized Following Joint International Operation

An internet domain that was being used by criminals to steal data from and take control of victims’ computers was seized by U.S. authorities on Thursday. A collaborative international law enforcement operation involving the FBI and police agencies worldwide led to the arrest of the suspected administrator of the NetWire remote access trojan (RAT).

NetWire was a remote access trojan promoted as a legitimate remote administration tool to manage a Windows computer remotely. Users could sign up for subscriptions for as little as $10 a month, with support included.

While the website marketed NetWire as a legitimate business tool to maintain computer infrastructure, the affidavit states that NetWire is a malware used for malicious purposes, the software was advertised on hacking forums, and numerous cyber security companies and government agencies have documented instances of the NetWire RAT being used in criminal activity.


Since at least 2014, NetWire has been a tool of choice for threat actors when engaging in various malicious activities, such as phishing attacks, BEC campaigns, and corporate networks breaches. Hackers could use the Netwire RAT to remotely take screenshots, download and upload files, execute commands, or download further programs to execute on infected Windows computers.

The exact number of times the malware had been purchased from the seized website is unclear. As Reuters reports, back in 2017 Citizen Lab identified NetWire to have appeared in 2012, and its primary use was in a wide range of attacks, including credit card fraud and attacks targeting the healthcare and banking industries.

The Operation

According to BleepingComputer, the U.S. Attorney’s Office for the Central District of California announced that a seizure warrant was approved on March 3rd and executed in a coordinated international law enforcement operation on Tuesday to disrupt the NetWire service.

This operation involved police from the FBI, the United States Attorney’s Office for the Central District of California, the Croatia Ministry of the Interior Criminal Police Directorate, Zurich Cantonal Police, Europol, and the Australian Federal Police.

In the process, the FBI seized the domain used to promote the service, and police in Switzerland seized the server hosting the website. The website now displays a seizure message, stating, “This Website Has Been Seized as part of a coordinated law enforcement action taken against the NetWire Remote Access Trojan.”

On Tuesday, a Croatian national suspected of being the administrator of the NetWire website was arrested. He will be prosecuted by the local authorities.

The global partnership that led to the arrest in Croatia also removed a popular tool used to hijack computers in order to perpetuate global fraud, data breaches and network intrusions by threat groups and cyber criminals.


A new cybersecurity strategy released by the White House last week called for stronger coalitions with foreign governments, as often enough cybercrimes take place cross-border. As a result, the success of this operation consolidates the collaborative strategy.

If you liked this article, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

图片[1]|Netwire RAT Malware Infrastructure Seized Following Joint International Operation|黑客技术网图片[2]|Netwire RAT Malware Infrastructure Seized Following Joint International Operation|黑客技术网If you liked this post, you will enjoy our newsletter.Get cybersecurity updates you\’ll actually want to read directly in your inbox.

Source: /dezies-erutcurtsarfni-erawlam-tar-eriwten/golb/moc.ytirucesladmieh

© 版权声明
点赞8 分享
评论 抢沙发