The US Department of Justice and Black Lotus Labs have coordinated to dismantle two malicious proxy services, Anyproxy and 5socks, which operated using a botnet of hacked devices worldwide. The operation involved domain seizures and disruption of control infrastructure, targeting cybercriminals operating across multiple countries.
Affected: proxy services, hacked devices, users of the compromised routers and IoT devices.
Key points
- The DOJ, Lumen Technologies, and international law enforcement collaborated to take down proxy services operated via a botnet of thousands of compromised devices.
- Domains for Anyproxy and 5socks were seized, and traffic to control points was null-routed to disrupt their infrastructure.
- Four individuals, including Russian and Kazakhstani nationals, are charged but remain at large, with an estimated $46 million earned from renting compromised proxies.
- The cybercriminals exploited known vulnerabilities in outdated home routers and IoT devices to build their botnet without requiring zero-day exploits.
- The proxy services facilitated malicious activities like ad fraud, DDoS attacks, brute-force attacks, and data exploitation, with most victims in the United States.
- The operation, named "Operation Moonlander," highlights the dangers associated with end-of-life (EOL) routers, which no longer receive security patches and are therefore more vulnerable to compromise.
- Black Lotus Labs provided threat indicators and recommendations for network defenders but did not disclose specifics about the malware used.
Read More: https://www.securityweek.com/us-announces-botnet-takedown-charges-against-russian-administrators/