Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices

December 9, 2024 at 07:07AM

A botnet named Socks5Systemz operates the malicious proxy service PROXY.AM, enabling cybercriminals to mask their activities. Recent findings reveal its resurgence after losing control of its initial version. Meanwhile, the Gafgyt malware targets misconfigured Docker API servers, emphasizing the risks of cloud misconfigurations and the need for better security practices. …

Botnet fueling residential proxies disrupted in cybercrime crackdown

November 19, 2024 at 10:40AM

The Ngioweb botnet, essential for the NSOCKS proxy service with 35,000 bots, is facing disruption as security firms block traffic to and from its two networks.

**Meeting Notes Takeaways:**

1. **Ngioweb Botnet Overview**: The Ngioweb botnet comprises approximately 35,000 bots that are primarily utilized in the NSOCKS proxy service, which …

U.S. Dismantles World’s Largest 911 S5 Botnet, with 19 Million Infected Devices

May 30, 2024 at 05:15AM

The U.S. Department of Justice dismantled the world’s largest botnet, 911 S5, involving 19 million infected devices in 190 countries, operated by Chinese national YunHe Wang. The botnet facilitated cyber attacks, fraud, identity theft, and child exploitation. Wang faces multiple charges and sanctions alongside the seizure of $30 million in …

US govt sanctions cybercrime gang behind massive 911 S5 botnet

May 28, 2024 at 05:06PM

The U.S. Treasury Department sanctioned a cybercrime network involving Chinese nationals and Thai companies connected to the “911 S5” botnet, which compromised millions of IP addresses. The network enabled cybercriminals to commit fraud and make bomb threats. Key individuals and entities have been sanctioned, prohibiting transactions and exposing violators to …

US govt sanctions cybercrime gang behind massive 911 S5 botnet

May 28, 2024 at 03:16PM

The U.S. Treasury Department sanctioned a cybercrime network involving Chinese individuals and Thai companies operating the “911 S5” botnet. This illegitimate residential proxy service compromised 19 million IP addresses, leading to billions in losses and creating threats. Sanctions were imposed on key individuals and entities, aiming to disrupt cybercriminal activities. …

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

March 29, 2024 at 09:09AM

In March 2024, a dormant botnet, TheMoon, was found controlling EoL routers and IoT devices to power a criminal proxy service named Faceless. The service allows malicious activities to remain anonymous and has been used by threats like SolarMarker and IcedID to connect to their C2 servers. The majority of …

TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service

March 26, 2024 at 11:05AM

A new variant of “TheMoon” malware botnet has infected thousands of outdated SOHO routers and IoT devices in 88 countries. Linked to the “Faceless” proxy service, it’s utilized by cybercriminals to anonymize their activities. Black Lotus Labs observed it targeting over 6,000 ASUS routers in less than 72 hours. Common …

US Announces IPStorm Botnet Takedown and Its Creator’s Guilty Plea

November 15, 2023 at 08:58AM

The US government has taken down the IPStorm botnet and arrested the man responsible for its operation. The botnet distributed malware to thousands of devices worldwide, allowing cybercriminals to use them for a proxy service. The guilty party, Sergei Makinin, faces up to 10 years in prison and has agreed …