{
	"id": "f0fa4359-d9da-47f6-8b19-ebf957323441",
	"created_at": "2026-04-06T00:06:38.814754Z",
	"updated_at": "2026-04-10T13:13:00.300714Z",
	"deleted_at": null,
	"sha1_hash": "3c6d9179b11c411033b74522576ac463377e0294",
	"title": "International Cybercrime Malware Service Dismantled by Federal Authorities: Key Malware Sales and Support Actors in Malta and Nigeria Charged in Federal Indictments",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 50483,
	"plain_text": "International Cybercrime Malware Service Dismantled by Federal\r\nAuthorities: Key Malware Sales and Support Actors in Malta and\r\nNigeria Charged in Federal Indictments\r\nPublished: 2024-02-09 · Archived: 2026-04-05 22:31:10 UTC\r\nThe Justice Department announced today that, as part of an international law enforcement effort, federal\r\nauthorities in Boston seized internet domains that were used to sell computer malware used by cybercriminals to\r\nsecretly access and steal data from victims’ computers. Federal authorities in Atlanta and Boston also unsealed\r\nindictments charging individuals in Malta and Nigeria, respectively, for their alleged involvement in selling the\r\nmalware and supporting cybercriminals seeking to use the malware for malicious purposes.\r\nFederal authorities in Boston seized www.warzone.ws and three related domains, which together offered for sale\r\nthe Warzone RAT malware — a sophisticated remote access trojan (RAT) capable of enabling cybercriminals to\r\nsurreptitiously connect to victims’ computers for malicious purposes. According to court documents authorizing\r\nthe seizures, the Warzone RAT provided cybercriminals the ability to browse victim file systems, take screenshots,\r\nrecord keystrokes, steal victim usernames and passwords, and watch victims through their web cameras, all\r\nwithout the victims’ knowledge or permission.\r\nInvestigations by the FBI Boston and Atlanta Field Offices also led to two indictments against individuals\r\ninvolved in selling and supporting the Warzone RAT and other malware.\r\nDaniel Meli, 27, of Zabbar, Malta, was arrested on Feb. 7 at the request of the United States, following a\r\ncoordinated operation by the Malta Police Force and the Office of the Attorney General of Malta, with the support\r\nof the FBI and Justice Department. Meli made his initial appearance before a Magistrate Judge in Valletta, Malta.\r\nMeli was indicted by a federal grand jury in the Northern District of Georgia on Dec. 12, 2023, for four offenses,\r\nincluding causing unauthorized damage to protected computers, illegally selling and advertising an electronic\r\ninterception device, and participating in a conspiracy to commit several computer intrusion offenses. According to\r\ncharging documents, since at least 2012, Meli offered malware products and services for sale to cybercriminals\r\nthrough online computer-hacking forums. Specifically, Meli allegedly assisted cybercriminals seeking to use RATs\r\nfor malicious purposes and offered teaching tools for sale, including an eBook. Meli also allegedly sold both the\r\nWarzone RAT and, before that, malware known as the Pegasus RAT, which he sold through an online criminal\r\norganization called Skynet-Corporation. He also provided online customer support to purchasers of both RATs.\r\nThe Northern District of Georgia is seeking Meli’s extradition to the United States.\r\nSeparately, Prince Onyeoziri Odinakachi, 31, of Nigeria, was indicted by a federal grand jury in the District of\r\nMassachusetts on Jan. 30 for conspiracy to commit multiple computer intrusion offenses, including obtaining\r\nauthorized access to protected computers to obtain information and causing unauthorized damage to protected\r\ncomputers. According to charging documents, between June 2019 and no earlier than March 2023, Odinakachi\r\nprovided online customer support to individuals who purchased and used the Warzone RAT malware. Law\r\nhttps://www.justice.gov/opa/pr/international-cybercrime-malware-service-dismantled-federal-authorities-key-malware-sales\r\nPage 1 of 3\n\nenforcement officers of the Port Harcourt Zonal Command of Nigeria’s Economic and Financial Crimes\r\nCommission arrested Odinakachi on Feb. 7. \r\nThe disruption of the Warzone RAT infrastructure was the result of an international law enforcement effort led by\r\nFBI special agents in Boston and Atlanta and coordinated with international partners in large part through\r\nEuropol. According to court documents, in addition to discovering instances of the Warzone RAT being used to\r\nattack victim computers in Massachusetts, the FBI covertly purchased and analyzed the Warzone RAT malware,\r\nconfirming its multiple malicious functions. Separately, law enforcement partners in Canada, Croatia, Finland,\r\nGermany, the Netherlands, and Romania provided valuable assistance securing the servers hosting the Warzone\r\nRAT infrastructure.\r\n“Today’s actions targeting the Warzone RAT infrastructure and personnel are another example of our tenacious\r\nand unwavering commitment to dismantling the malware tools used by cybercriminals,” said Acting U.S. Attorney\r\nJoshua S. Levy for the District of Massachusetts.  “We will turn over every stone to prevent cybercriminals from\r\nattacking the integrity of our computer networks, and we will root out those who support such cybercriminals so\r\nthey will be held accountable. Those who sell malware and support cybercriminals using it should know that they\r\ncannot hide behind their keyboards or international borders.”\r\n“Daniel Meli will no longer escape accountability for his actions selling malware,” said U.S. Attorney Ryan K.\r\nBuchanan for the Northern District of Georgia. “This alleged cybercriminal facilitated the takeover and infection\r\nof computers worldwide. Our office was proud to partner with our federal and international counterparts to find\r\nMeli and bring him to justice. We will continue to diligently investigate and prosecute cybercrime in the Northern\r\nDistrict of Georgia, and in all parts of the globe where our district is impacted.”\r\n“This action highlights the FBI’s commitment to disrupting cybercriminal actors and taking down their\r\ninfrastructure,” said Assistant Director Brian Vorndran of the FBI’s Cyber Division. “The FBI is proud of the\r\ninternational coordination involved in this law enforcement effort, and we will continue to build global\r\npartnerships to go after cybercriminals who seek to harm the American people.”\r\nThe charges of conspiracy, obtaining authorized access to protected computers to obtain information, illegally\r\nselling an interception device, and illegally advertising an interception device each provide for a sentence of up to\r\nfive years in prison, three years of supervised release and a fine of $250,000, or twice the gross gain or loss,\r\nwhichever is greater. The charge of causing unauthorized damage to protected computers provides for a sentence\r\nof up to 10 years in prison, three years of supervised release, and a fine of $250,000, or twice the gross gain or\r\nloss, whichever is greater.\r\nAssistant U.S. Attorneys James R. Drabick and Carol E. Head for the District of Massachusetts obtained the\r\nseizure warrants, and Drabick is prosecuting Odinakachi. Assistant U.S. Attorneys Bethany L. Rupert and Michael\r\nHerskowitz for the Northern District of Georgia are prosecuting Meli.\r\nThe Justice Department’s Office of International Affairs provided substantial assistance during the investigation.\r\nFederal authorities also wish to acknowledge the cooperation and assistance of the FBI Boston and Atlanta Field\r\nOffices; Malta Police Force; Office of the Attorney General of Malta; Malta Ministry for Justice; Australian\r\nFederal Police; Croatian Ministry of the Interior Criminal Police Directorate; Dutch National Police; Europol\r\nEuropean Cybercrime Center; Finland’s National Bureau of Investigation; State Police Force of Saxony, Germany;\r\nhttps://www.justice.gov/opa/pr/international-cybercrime-malware-service-dismantled-federal-authorities-key-malware-sales\r\nPage 2 of 3\n\nJapan Ministry of Justice; Port Harcourt Zonal Command of Nigeria's Economic and Financial Crimes\r\nCommission (EFCC); Romanian National Police; and Royal Canadian Mounted Police for their valuable\r\nassistance. \r\nAnyone who is a victim of a Warzone RAT computer intrusion is urged to report it to the FBI at\r\nhttps://wzvictims.ic3.gov\r\n.\r\nAn indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a\r\nreasonable doubt in a court of law.\r\nWarzone RAT splash page. \r\nSource: https://www.justice.gov/opa/pr/international-cybercrime-malware-service-dismantled-federal-authorities-key-malware-sales\r\nhttps://www.justice.gov/opa/pr/international-cybercrime-malware-service-dismantled-federal-authorities-key-malware-sales\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.justice.gov/opa/pr/international-cybercrime-malware-service-dismantled-federal-authorities-key-malware-sales"
	],
	"report_names": [
		"international-cybercrime-malware-service-dismantled-federal-authorities-key-malware-sales"
	],
	"threat_actors": [],
	"ts_created_at": 1775433998,
	"ts_updated_at": 1775826780,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3c6d9179b11c411033b74522576ac463377e0294.pdf",
		"text": "https://archive.orkl.eu/3c6d9179b11c411033b74522576ac463377e0294.txt",
		"img": "https://archive.orkl.eu/3c6d9179b11c411033b74522576ac463377e0294.jpg"
	}
}