The United States has destroyed the infrastructure of a Russian botnet that hacked millions of computers and other electronic devices worldwide while acting as a proxy service.
The US Department of Justice, in collaboration with law enforcement partners in Germany, the Netherlands, and the United Kingdom, brought down the RSOCKS botnet, which initially targeted Internet of Things (IoT) devices before spreading to compromise Android devices and traditional computers.
A botnet is a collection of hacked internet-connected devices that are controlled collectively without the owner’s knowledge and are typically used for malicious purposes.
“The RSOCKS botnet compromised millions of devices throughout the world,” said US Attorney Randy Grossman.
“Working with public and private partners around the globe, we will relentlessly pursue them while using all the tools at our disposal to disrupt their threats and prosecute those responsible,” he said in a statement.
Rather than providing proxies that RSOCKS had leased, the botnet provided its clients with access to IP addresses assigned to hacked devices.
The cost of using a pool of RSOCKS proxies ranged from $30 per day for 2,000 proxies to $200 per day for 90,000 proxies.
“This operation disrupted a highly sophisticated Russia-based cybercrime organisation that conducted cyber intrusions in the US and abroad,” said FBI Special Agent in Charge, Stacey Moy.
After purchasing the botnet, the customer could obtain a list of IP addresses and ports associated with one or more of the botnet’s backend servers.
The customer could then route malicious internet traffic through the compromised victim devices, masking or concealing the true source of the traffic.
“It is believed that the users of this type of proxy service were conducting large scale attacks against authentication services, also known as credential stuffing, and anonymising themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages,” the DoJ explained.
