The accused administrator of the NetWire remote access trojan was detained, and the service’s web domain, along with the hosting server, were seized as a result of an international law enforcement operation involving the FBI and law enforcement organizations throughout the world. A remote access trojan called NetWire was marketed as a reliable solution for managing a Windows PC remotely.
Users could subscribe to the service for as low as $10 a month, which included support, on the website www.worldwiredlabs.com. Nevertheless, since at least 2014, NetWire has been a preferred tool in various nefarious operations, such as phishing attacks, BEC campaigns, and corporate network breaches. Threat actors could remotely capture screenshots, download and upload data, run commands, or download additional applications to run on compromised Windows systems using the Netwire RAT.
According to a statement released recently by the US Attorney’s Office for the Central District of California, the seizure warrant was authorized on March 3rd and carried out on Tuesday as part of a planned international law enforcement operation to stop the NetWire service. Police from the Croatia Ministry of the Interior Criminal Police Directorate, the Australian Federal Police, the US Attorney’s Office for the Central District of California, Zurich Cantonal Police, Europol, and the FBI participated in this operation.
The FBI confiscated the worldwiredlabs.com name used to advertise the service as part of this operation, while Swiss police seized the server that was powering the website. A seizure statement that reads, “This Website Has Been Seized as part of a coordinated law enforcement action taken against the NetWire Remote Access Trojan,” is now visible on the website.
A Croatian national who officials believe to be the NetWire website’s administrator was also detained on Tuesday and will face legal action there. According to Donald Alway, the Assistant Director in Charge of the Federal Bureau of Investigation’s Los Angeles Field Office, the removal of the Netwire RAT had an effect on the criminal cyber environment.
“The global partnership that led to the arrest in Croatia also removed a popular tool used to hijack computers in order to perpetuate global fraud, data breaches and network intrusions by threat groups and cyber criminals.”