The FBI, in partnership with several police agencies worldwide, has carried out an international law enforcement operation resulting in the arrest of a suspected administrator of the NetWire remote access trojan. As part of the operation, the authorities seized the service’s web domain and hosting server.
NetWire was initially promoted as a legitimate remote administration tool (RAT), providing users with the ability to manage Windows computers remotely. However, it has been a favorite tool for cybercriminals engaging in various nefarious activities such as phishing attacks, Business Email Compromises (BEC), and corporate network breaches since 2014.
Threat actors who used the NetWire RAT had the capability to remotely take screenshots, download and upload files, execute commands, and even download further programs to execute on infected Windows computers.
The service was marketed through the website worldwiredlabs.com, as well as on Hackforums, where users could sign up for subscriptions starting at just $10 per month, including support.
NetWire’s servers seized by law enforcement
In a coordinated international law enforcement operation, police from various agencies, including the FBI, the United States Attorney’s Office for the Central District of California, the Croatia Ministry of the Interior Criminal Police Directorate, Zurich Cantonal Police, Europol, and the Australian Federal Police worked together to disrupt the NetWire service.
The operation, which was carried out on Tuesday, involved the execution of a seizure warrant that was approved on March 3rd by the U.S. Attorney’s Office for the Central District of California. As part of this operation, the FBI seized the worldwiredlabs.com domain used to promote the service, and police in Switzerland seized the server hosting the website.
WorldWiredLabs now displays the message: “This Website Has Been Seized as part of a coordinated law enforcement action taken against the NetWire Remote Access Trojan.”
As part of the operation, a Croatian national suspected to be the administrator of the NetWire website was arrested on Tuesday in Croatia and will be prosecuted by local authorities.
“By removing the NetWire RAT, the FBI has impacted the criminal cyber ecosystem,” stated Donald Alway, the Assistant Director of the FBI’s Los Angeles Field Office.
“The global partnership that led to the arrest in Croatia also removed a popular tool used to hijack computers in order to perpetuate global fraud, data breaches, and network intrusions by threat groups and cyber criminals.”
This operation demonstrates the power of international cooperation in combating cybercrime and highlights the effectiveness of coordinated efforts by law enforcement agencies.