International Operation Endgame Disrupts SocGholish Malware Infrastructure
Operation Endgame, a coordinated international law enforcement effort, disrupted the SocGholish malware infrastructure linked to the threat actor TA569 (also referenced as TA2726). The operation resulted in the takedown of over 100 command-and-control (C2) servers and the remediation of nearly 15,000 compromised websites. SocGholish, a JavaScript-based malware family, was distributed through drive-by download attacks, often masquerading as software updates. Agencies including Europol and the FBI participated in the disruption, though no specific dates for the operation were provided. The action targeted the malware’s infrastructure; no arrests or attribution beyond the threat actor designation were detailed.