US authorities seize Warzone malware infrastructure
The US Department of Justice has announced it has shut down several malware-for-sale websites, leading to the arrests of two individuals over malware sales and support.
The United States Department of Justice has successfully seized a number of websites linked to the sale of the Warzone remote access trojan.
In addition, two men have been arrested in separate operations.
The website www.warzone[.]ws was seized, alongside three other related domains. Warzone itself is a RAT capable of stealing and exfiltrating data, tracking keystrokes, and taking screenshots of infected machines.
Apart from selling the malware, the seized sites also offered support and guides on using it.
The seizure of the sites was part of an international law enforcement operation that also saw the arrest of one man, Daniel Meli, 27, of Zabbar, Malta. Meli was arrested on February 7 in an operation carried out by the Malta Police Force and the Office of the Attorney General of Malta, with support from the FBI and Justice Department. He is charged with four offences related to the sale and operation of the RAT.
According to the DOJ, Meli has been selling and supporting Warzone since at least 2012. The US is seeking his extradition.
A Nigerian man was also indicted over the sale and support of the malware, but has yet to be arrested.
Prince Onyeoziri Odinakachi, 31, of Nigeria, was arrested on February 7 by officers from the Port Harcourt Zonal Command of Nigeria’s Economic and Financial Crimes Commission. Odinakachi is facing a number of charges relating to the sale and use of Warzone, having provided support for the malware between June 2019 and no earlier than March 2023.
The international operation was led by FBI agents in Atlanta and Boston in the US, with assistance from Europol. FBI agents were able to secretly purchase the malware, allowing them to analyse its functionality.
Authorities in Canada, Croatia, Finland, Germany, the Netherlands, and Romania also provided assistance in securing the Warzone servers.
“Today’s actions targeting the Warzone RAT infrastructure and personnel are another example of our tenacious and unwavering commitment to dismantling the malware tools used by cybercriminals,” said Acting US Attorney Joshua S. Levy for the District of Massachusetts in a statement.
“We will turn over every stone to prevent cybercriminals from attacking the integrity of our computer networks, and we will root out those who support such cybercriminals so they will be held accountable. Those who sell malware and support cybercriminals using it should know that they cannot hide behind their keyboards or international borders.”