Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
A global coalition of law enforcement agencies shut down a botnet of tens of thousands of compromised home and small business routers on Wednesday.
The operation targeted SocksEscort, which Paid agent services offered It was built on a botnet of compromised routers used to commit various crimes, such as hacking victims’ bank and cryptocurrency accounts and filing fraudulent unemployment insurance claims. According to the advertisement It was published by the Ministry of Justice on Thursday. The Justice Department said crimes facilitated by SocksEscort cost Americans millions of dollars.
Europol He said in his announcement From the operation the SocksEscort botnet allegedly compromised more than 369,000 routers and IoT devices in 163 countries and the infected routers were “taken out of service.” The law enforcement agency said SocksEscort was used to facilitate ransomware and distributed denial-of-service (DDoS) attacks, and distribution of child sexual abuse material (CSAM).
“Criminal service agents paid for licenses to misuse these infected devices, hiding their original IP addresses to engage in various criminal activities,” Europol said. “When infected with malware, modem owners will not realize that their IP addresses have been used for illicit activities.”
The content of the official website was SocksEscort It has been replaced by a notice Announcing the seizure, as part of the law enforcement process.
The botnet consists of about 280,000 routers since last January, and was operated by a malicious program called AVRecon. According to cybersecurity company Black Lotus Labswhich tracked down SocksEscort and worked with law enforcement on the takedown.
“This botnet posed a significant threat, as it was marketed exclusively to criminals,” the company wrote in its post about the takedown. “It is worth noting that more than half of its victims were located in the United States or the United Kingdom, which enabled the attackers to carry out highly targeted operations.”
In 2023, Black Lotus Laboratories Named SocksEscort is “one of the largest botnets targeting small office/home office (SOHO) routers seen in recent history.”
At the time, it was cybersecurity journalist Brian Krebs I mentioned SocksEscort was founded in 2009 as a Russian-language service that sells access to thousands of hacked computers.