U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators

February 11, 2024 at 06:33AM

The U.S. Justice Department seized online infrastructure used to sell the Warzone RAT, an information-stealing malware. Two individuals have been arrested and charged. The malware, marketed as malware-as-a-service (MaaS) for $38/month, enables remote control of infected hosts, with features like file browsing, screenshots, keystroke recording, and webcam activation. International law enforcement collaboration led to the takedown.

Summary:

– The U.S. Justice Department seized the domains www.warzone[.]ws and three others used to sell the Warzone RAT, a remote access trojan.
– Two individuals, Daniel Meli and Prince Onyeoziri Odinakachi, from Malta and Nigeria, were arrested and indicted for their involvement in selling and supporting the malware.
– The Warzone RAT, also known as Ave Maria, was used in cyber attacks targeting an Italian organization in the oil and gas sector in 2018.
– The malware was sold under the malware-as-a-service (MaaS) model for $38 a month or $196 for a year, allowing threat actors to commandeer infected hosts and steal information.
– The U.S. FBI covertly purchased copies of Warzone RAT to confirm its nefarious functions, with international law enforcement efforts involving multiple countries and Europol.
