The Department of Justice announced on Thursday that US and international law enforcement partners in the UK, Germany and the Netherlands have disrupted a major botnet operated by Russian cybercriminals that has hijacked millions of computers, phones and Internet of Things devices.
The botnet, RSOCKS, advertised itself as a proxy service – a company that allows you to route traffic to other locations. But instead of accessing IP addresses through legal means, such as renting them from local internet service providers, the company allowed customers to route traffic through compromised devices, according to the DOJ.
“The cost of accessing an RSOCKS proxy pool ranged from $30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies,” the agency said in a statement.
Proxy services can be used for legitimate purposes, but can also be exploited in credential stuffing attacks or to help hide the identity of someone engaging in malicious behavior online.
The disruption of the RSOCKS infrastructure follows an investigation that began with a purchase made in a sting operation in 2017. The DOJ said it “identified approximately 325,000 compromised victim devices” in that first sweep.
“Several large public and private entities fell victim to the RSOCKS botnet, including a university, hotel, television studio, and electronics manufacturer, as well as home-based businesses and individuals,” according to the agency’s press release.
Although the botnet has been taken down, no arrests have been announced.
In April, the United States announced that it had shut down a major botnet operated by Sandworm, a hacking team within Russia's GRU military intelligence agency.