International law enforcement agencies successfully halted a major botnet

International law enforcement agencies have successfully taken down a large botnet service named SocksEscort. This was reported by Zamin.uz.

This system consisted of router devices belonging to tens of thousands of compromised homes and small businesses. The operation primarily targeted a paid proxy server service.

This service enabled cybercriminals worldwide to hide their identities. They have used it for various crimes, including attacks via ransomware and large-scale internet-disrupting attacks, as well as the distribution of child sexual abuse material.

The Department of Justice announced that this botnet facilitated access to bank and cryptocurrency accounts. The system caused millions of dollars in damages to U.S. citizens by filing fraudulent unemployment claims.

According to Europol data, over 369 thousand routers and other internet-connected devices were compromised across 163 countries. Currently, all infected devices have been disconnected from the service and rendered inoperable.

Criminals exploited their anonymity, taking advantage of owners' lack of knowledge to obtain permission to use these devices in exchange for a license fee. Since January, the botnet comprised approximately 180 thousand routers and was managed via a malicious program called AVRecon, with the assistance of cybersecurity firm Black Lotus Labs.

Black Lotus Labs assessed this botnet as a serious threat intended solely for criminals. More than half of the victims were located in the United States and the United Kingdom.

The service began in 2009 as a Russian-language operation that sold access to compromised computers. Currently, the official website is displaying a seizure notice issued by law enforcement agencies as part of coordinated international actions.