International Operation Targets SockEscort Botnet

A global coalition of law‑enforcement agencies announced the shutdown of the SocksEscort botnet, a massive network of compromised routers used to facilitate a wide range of cybercrimes. The Department of Justice (DOJ) and Europol disclosed that the operation targeted the paid proxy service SocksEscort, which sold access to hacked home and small‑business routers.

According to the DOJ, the botnet enabled criminals to hack bank and cryptocurrency accounts, file fraudulent unemployment insurance claims, and conduct ransomware, distributed denial‑of‑service (DDoS) attacks, as well as distribute child sexual abuse material (CSAM). The criminal service charged customers for licenses that allowed them to abuse the infected devices while masking their true IP addresses.

Europol reported that the botnet had compromised more than 369,000 routers and Internet‑of‑Things devices across 163 countries. The infected routers were disconnected from the service as part of the takedown. The operation also replaced the official SocksEscort website with a notice announcing the seizure.

Cybersecurity firm Black Lotus Labs, which tracked the botnet and assisted law enforcement, said the network was powered by malware known as AVRecon. The firm estimated that the botnet comprised around 280,000 routers since the previous January and described it as “one of the largest botnets targeting small‑office/home‑office (SOHO) routers seen in recent history.” Over half of the victims were located in the United States or the United Kingdom, allowing attackers to conduct highly targeted operations.

Earlier coverage noted that SocksEscort originated in 2009 as a Russian‑language service selling access to thousands of hacked computers. The recent takedown represents a significant disruption of a criminal infrastructure that cost Americans millions of dollars.

Used: News Factory APP - news discovery and automation - ChatGPT for Business