An international law enforcement operation involving the FBI and police agencies around the world led to the arrest of the suspected administrator of the NetWire remote access trojan and the seizure of the service’s web domain and hosting server.
NetWire is a remote access trojan promoted as a legitimate remote administration tool to manage a Windows computer remotely.
The service is sold through the website www.worldwiredlabs.com, where users can sign up for subscriptions for $10 per month, which includes support.
However, since at least 2014, NetWire has been a tool of choice in various malicious activities, including phishing attacks, BEC campaigns, and breaches of corporate networks.
Threat actors can use the NetWire RAT to remotely take screenshots, download and upload files, execute commands, or download additional programs to be executed on infected Windows computers.
NetWire’s infrastructure was seized by the police
Today, the US Attorney’s Office for the Central District of California announced that a seizure warrant was approved on March 3rd and carried out in a coordinated international law enforcement operation on Tuesday to disrupt the NetWire service.
The operation involved police from the FBI, the United States Attorney’s Office for the Central District of California, Croatia’s Ministry of the Interior Criminal Police Directorate, Zurich Cantonal Police, Europol, and the Australian Federal Police.
As part of this operation, the FBI seized the worldwiredlabs.com domain used to promote the service, and police in Switzerland seized the server hosting the website.
The website now displays a seizure message, saying, “This Website was Seized as part of a coordinated law enforcement action taken against the NetWire Remote Access Trojan.”
A Croatian national suspected of being the administrator of the NetWire website was also arrested on Tuesday in Croatia and will be charged by local authorities.
“By removing the Netwire RAT, the FBI has impacted the criminal cyber ecosystem,” said Donald Alway, the Assistant Director in Charge of the FBI’s Los Angeles Field Office.
“The global partnership that led to the arrest in Croatia also removed a popular tool used to hijack computers to perpetuate global fraud, data breaches and network intrusions by threat groups and cyber criminals.”