A joint effort by Dutch and U.S. law enforcement has dismantled a large proxy network that operated through infected IoT and end-of-life devices and generated over $46 million in illegal subscription fees. The operation involved domain seizures and disruption of related malware and infrastructure, and it highlights the risks associated with obsolete devices and unsecured routers. (Affected: IoT devices, Proxy network, internet infrastructure)
Key points:
- An international law enforcement operation targeted a criminal proxy network that infected thousands of IoT and EoL devices, which were used for anonymous malicious activities.
- The operators charged users monthly fees, earning over $46 million since 2004 by selling access to infected routers.
- The malware, called TheMoon, infects routers via known vulnerabilities, enabling persistent remote access and illegal proxy services.
- Services such as anyproxy.net and 5socks.net sold thousands of proxies daily, facilitating cybercrimes like DDoS attacks, fraud, and data breaches.
- Most victims of the botnet are located in the United States, and infected devices are in contact with a command-and-control infrastructure based in Turkey.
- The operation was disrupted through domain seizures and infrastructure null routing, reducing the malicious network's effectiveness.
- Users are advised to update router security, change default passwords, reboot devices regularly, and replace EoL devices to mitigate future risks.
Read More: https://thehackernews.com/2025/05/breaking-7000-device-proxy-botnet-using.html