Law enforcement shuts down botnet made of tens of thousands of hacked routers

A planetary conjugation of instrumentality enforcement agencies unopen down a botnet made of tens of thousands of hacked location and tiny concern routers connected Wednesday.

The cognition targeted SocksEscort, which offered paid proxy services and was built connected a botnet of hacked routers utilized to perpetrate assorted crimes, specified arsenic hacking into victims’ slope and cryptocurrency accounts, and to record fraudulent unemployment security claims, according to an announcement published connected Thursday by the Justice Department. The DOJ said the crimes facilitated by SocksEscort outgo Americans millions of dollars.  

Europol said successful its announcement of the cognition that the SocksEscort botnet allegedly compromised much than 369,000 routers and Internet of Things devices successful 163 countries, and that the infected routers “have been disconnected from the service.” The instrumentality enforcement bureau said SocksEscort was utilized to facilitate ransomware, distributed denial of work (DDoS) attacks, and the organisation of kid intersexual maltreatment worldly (CSAM).

“Customers of the transgression work paid for licences to maltreatment these infected devices, hiding their archetypal IP addresses to prosecute successful assorted transgression activities,” said Europol. “Upon corruption with the malware, the modems’ owners would not beryllium alert that their IP addresses were utilized for illegitimate activities.”

The contented of the SocksEscort authoritative website was replaced by a notice announcing the seizure, arsenic portion of the instrumentality enforcement operation. 

The botnet was composed of astir 280,000 routers since past January, and was powered by malware called AVRecon, according to cybersecurity steadfast Black Lotus Labs, which tracked SocksEscort and worked with instrumentality enforcement successful the takedown operation 

“This botnet posed a important threat, arsenic it was marketed exclusively to criminals,” the institution wrote successful its station astir the takedown. “Notably, implicit fractional of its victims were located successful the United States oregon the United Kingdom, enabling attackers to behaviour highly targeted operations.”

In 2023, Black Lotus Labs called SockEscort “one of the largest botnets targeting small-office/home-office (SOHO) routers seen successful caller history.” 

At the time, cybersecurity writer Brian Krebs reported that SocksEscort was calved successful 2009 arsenic a Russian-language work selling entree to thousands of hacked computers.

Topics