Operation Endgame—RCMP join international partners in crackdown of Russian cybercriminal network

June 18, 2026 - Canada, British Columbia
From: Federal Policing Pacific Region

Content

In the past few days, the Netherlands (Dutch National Police), Canada (RCMP), the United States (FBI) and Germany (BKA – Federal Criminal Police Office) delivered a major blow to a cybercriminal network during a joint global action week, dubbed Operation Endgame.

The RCMP is the national representative for Canada on Operation Endgame and Federal Policing Pacific Region (FPPR) Cybercrime Investigation Team – Vancouver (CIT-V) is the Canadian lead on this project. The CIT-V dedicated coders, analysts, investigators and project managers to the international project.

SocGholish—linked to the Russian cyber-criminal group Evil Corp—is a malware framework that tricks users into downloading malicious files by masquerading as legitimate computer updates. 

Investigators found that SocGholish exploited thousands of WordPress sites to spread malware to visitors, with the aim of gaining unauthorized access to their computer systems and data. 

“International law enforcement partnerships are essential in addressing cyber threats because they are complex and global in nature. Through collaboration with our international partners, we share intelligence, expertise, and best practices to disrupt cyber threats which transcend all borders. I’m extremely proud of the work that’s been done and the role the RCMP had in bringing this operation to a conclusion,” said FPPR Cyber and Financial Investigation Teams Inspector Kurt Bedford. 

“SocGholish has had an impact on all levels of Canadian society, from critical infrastructure, education, government and more. All compromised Canadian entities have been notified through Operation Endgame today,” added FPPR Cyber and Financial Investigation Teams Inspector Kurt Bedford. 

Working with information from the Dutch Police, CIT-V investigators developed a disruption technique to interrupt the SocGholish malware. CIT-V and the international operation further refined the technique to disrupt the threat with a mass disinfection of 2,488 computers worldwide. Another 14,971 websites were actioned in the operation. The technique will also prevent future re-infection of the sites with SocGholish.

Call to all Wordpress site owners:

• change login credentials;
• enable multi‑factor authentication;
• delete any unknown additional WordPress accounts;
• keep their WordPress site up‑to‑date in the future.

Endgame is an ongoing, large-scale cybercrime joint forces operation that brings together law enforcement agencies from Denmark, Netherlands, Germany, France, United Kingdom, Belgium, Australia, United States and Canada supported by Europol and Eurojust.

The CIT-V team often collaborates with domestic and international law enforcement partners on cyber-based investigations including Operation Endgame. 

For more detailed information on today’s operation by our European and U.S. partners, please see the news release from Operation Endgame — International Law Enforcement Initiate Hunt on Malware Group SocGholish.

Contacts