Warzone RAT: US DoJ Strikes, Operators Caught

February 12, 2024

TLDR: The U.S. Department of Justice (DoJ) has announced the seizure of online infrastructure used to sell a remote access trojan (RAT) called Warzone RAT. Two individuals in Malta and Nigeria have been arrested for their involvement in selling and supporting the malware. Warzone RAT, also known as Ave Maria, has been used by various threat actors, including YoroTrooper and Russian actors. The DoJ collaborated with authorities from multiple countries to dismantle the infrastructure.

The U.S. DoJ has taken down the online infrastructure used to sell the Warzone RAT, a popular remote access trojan. The seized domains include www.warzone[.]ws and three others, all of which were used to sell the malware to cybercriminals who deployed it to steal data from victims’ computers. In addition to the takedown, two individuals, one in Malta and one in Nigeria, have been arrested and indicted for their involvement in selling and supporting the malware. The defendants have been charged with unauthorized damage to protected computers and participating in a conspiracy to commit computer intrusion offenses.

Warzone RAT, also known as Ave Maria, was first documented by Yoroi in 2019 after a cyber attack targeting an Italian organization. The malware was sold under the malware-as-a-service model and allowed threat actors to remotely control infected hosts for further exploitation. Some notable features of the RAT include the ability to browse victim file systems, record keystrokes, and activate webcams without the victim’s knowledge.

The takedown of the infrastructure was part of a coordinated effort involving authorities from Australia, Canada, Croatia, Finland, Germany, Japan, Malta, the Netherlands, Nigeria, Romania, and Europol. The U.S. Federal Bureau of Investigation (FBI) covertly purchased copies of the Warzone RAT to confirm its malicious functions.

Warzone RAT has been used by a range of threat actors, including YoroTrooper and Russian actors. The seizure of the sales infrastructure and the arrest of the key operators are significant steps in disrupting this cybercriminal activity and protecting victims from remote access trojans. The collaboration between international law enforcement agencies highlights the global effort to combat cybercrime.
