Law enforcers in the US and Europe yesterday claimed to have disrupted the operation behind a notorious remote access Trojan (RAT) known as NetWire.
US authorities seized the only known domain used to sell the RAT, linked to a firm known as “World Wired Labs,” while police in Croatia arrested an individual on suspicion of being the site administrator.
Law enforcers in Switzerland seized the server hosting NetWire infrastructure, according to the US Attorney’s Office for the Central District of California.
The FBI in Los Angeles first opened an investigation into NetWire and World Wired Labs back in 2020. Investigators bought a subscription and used a builder tool to create a customized instance of the RAT, according to court documents.
Although World Wired Labs marketed the product as a legitimate offering to maintain computer infrastructure, NetWire was documented countless times as being used for criminal activity, the affidavit alleges. The RAT was also advertised on hacking forums, according to the California US Attorney’s Office.
In fact, Infosecurity has frequently reported stories over the years where NetWire was used by threat actors, including a 2014 case where Nigerian 419 scammers used the malware to steal victims’ information, and a separate data theft campaign in 2017 that impacted thousands of global organizations.
“Today’s action is a testament to the innovation and flexibility necessary to fighting cyber-criminals who operate without borders,” said US attorney Martin Estrada.
“Our office will continue to forge international alliances to protect our communities from cyber-threats. Criminals used NetWire on a global scale, and we have responded by dismantling the infrastructure that has caused untold harm to victims around the world.”
Donald Alway, the assistant director in charge of the FBI’s Los Angeles Field Office, added that NetWire was a popular tool to hijack computers “in order to perpetuate global fraud, data breaches and network intrusions by threat groups and cyber-criminals.”