US Dismantles Warzone RAT Malware Operation

An international policing operation led by the US has enabled the dismantling of a nefarious malware operation dubbed “Warzone,” according to the Department of Justice (DoJ).

Warzone is described by the DoJ as a “sophisticated remote access Trojan” (RAT) capable of enabling cybercriminals to eavesdrop on their victims’ communications, steal credentials and other sensitive information, and watch them through their webcams.

The FBI purchased and analyzed the RAT to prove its malicious intent, while law enforcement partners in Canada, Croatia, Finland, Germany, the Netherlands and Romania found and dismantled the servers that comprised its online infrastructure, the DoJ said. Federal authorities in Boston apparently seized www.warzone.ws and three related domains.

“Today’s actions targeting the Warzone RAT infrastructure and personnel are another example of our tenacious and unwavering commitment to dismantling the malware tools used by cybercriminals,” said acting US attorney for the District of Massachusetts, Joshua Levy. 

“We will turn over every stone to prevent cybercriminals from attacking the integrity of our computer networks, and we will root out those who support such cybercriminals so they will be held accountable. Those who sell malware and support cybercriminals using it should know that they cannot hide behind their keyboards or international borders.”

Alongside these efforts, Daniel Meli, 27, of Zabbar, Malta, was arrested on February 7 and now awaits extradition to the US.

Back in December 2023, he was indicted by a federal grand jury in Georgia for four offenses, including causing unauthorized damage to protected computers, illegally selling and advertising an electronic interception device, and participating in a conspiracy to commit several computer intrusion offenses.

Meli is accused of offering malware and services via hacking forums since at least 2012, including teaching tools and ebooks. He also allegedly sold the Pegasus RAT through a criminal group called “Skynet Corporation” and provided customer support to buyers.

A second man connected with Warzone – Prince Onyeoziri Odinakachi, 31, of Nigeria – was arrested on the same day last week in the Nigerian city of Port Harcourt.

He was indicted by a federal grand jury in Massachusetts on January 30 for conspiracy to commit multiple computer intrusion offenses, including obtaining authorized access to protected computers to obtain information and causing unauthorized damage to protected computers.
