Tag: botnet
-
Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants
The FBI also issued a list of end-of-life routers you need to replace. First seen on theregister.com Jump to article: www.theregister.com/2025/05/10/router_botnet_crashed/
-
Operation Moonlander dismantled the botnet behind Anyproxy and 5socks cybercriminals services
Law enforcement dismantled a 20-year botnet behind Anyproxy and 5socks cybercriminals services and arrested four suspects. Authorities dismantled a 20-year-old botnet tied to Anyproxy and 5socks as part of an international operation codenamed “Operation Moonlander”…
-
FBI warns that end of life devices are being actively targeted by threat actors
Tags: access, antivirus, attack, authentication, botnet, china, cisco, control, credentials, cve, data-breach, exploit, firewall, firmware, Hardware, identity, infection, intelligence, Internet, malware, network, password, router, sans, service, software, technology, threat, tool, update, vulnerability
Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550, WRT320N, WRT310N, WRT610N; Cradlepoint E100; Cisco M10
Threat actors, notably Chinese state-sponsored actors, are successfully exploiting known vulnerabilities in routers exposed to the web through pre-installed remote management software, according to the FBI. They then install malware, set up a botnet, and sell proxy services or launch coordinated attacks. “The…
-
Three Russians, one Kazakhstani charged in takedown of Anyproxy and 5socks botnets
U.S. prosecutors charged four foreign nationals and said a law enforcement operation seized internet domains associated with two powerful botnets. First seen on therecord.media Jump to article: therecord.media/5socks-anyproxy-botnets-takedown-russians-kazakhstani-charged
-
Feds Seize Domains in Global Proxy Botnet Crackdown
Russian, Kazakh Hackers Charged in $46M Proxy Botnet Scheme. Federal prosecutors charged four hackers for running a proxy botnet that exploited infected routers, using domains like Anyproxy.net to resell U.S. network access globally – and generating over $46M before a coordinated international takedown, according to a Friday indictment. First seen on govinfosecurity.com Jump to article:…
-
FBI and Dutch police seize and shut down botnet of hacked routers
U.S. authorities indicted three Russians and one Kazakhstan national for hacking and selling access to a botnet made of vulnerable internet-connected devices. First seen on techcrunch.com Jump to article: techcrunch.com/2025/05/09/fbi-and-dutch-police-seize-and-shut-down-botnet-of-hacked-routers/
-
Police dismantles botnet selling hacked routers as residential proxies
Law enforcement authorities have dismantled a botnet that infected thousands of routers over the last 20 years to build two networks of residential proxies known as Anyproxy and 5socks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/police-dismantles-botnet-selling-hacked-routers-as-residential-proxies/
-
BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation
A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal proxy network that’s powered by thousands of infected Internet of Things (IoT) and end-of-life (EoL) devices, enlisting them into a botnet for providing anonymity to malicious actors. In conjunction with the domain seizure, Russian nationals, Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich…
-
Cybercriminal services target end-of-life routers, FBI warns
The FBI warns that attackers are using end-of-life routers to deploy malware and turn them into proxies sold on 5Socks and Anyproxy networks. The FBI released a FLASH alert warning about 5Socks and Anyproxy malicious services targeting end-of-life (EOL) routers. Attackers target EoL devices to deploy malware by exploiting vulnerabilities and create botnets for attacks…
-
Breach Roundup: UK NCSC Announces Resilience Initiatives
Also: Iberian Blackout, Delta Faces Lawsuit Linked to CrowdStrike Outage. Every week, ISMG rounds up cybersecurity incidents and breaches around the world. This week: Mirai Botnet Exploits Flaws in GeoVision, the Iberian blackout under investigation, dueling cybersecurity advisories from India and Pakistan, Delta must face a lawsuit linked to CrowdStrike outage. First seen on govinfosecurity.com…
-
Mirai botnet spread via GeoVision IoT, Samsung MagicINFO exploits
First seen on scworld.com Jump to article: www.scworld.com/brief/mirai-botnet-spread-via-geovision-iot-samsung-magicinfo-exploits
-
Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet
Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral them into a Mirai botnet for conducting distributed denial-of-service (DDoS) attacks. The activity, first observed by the Akamai Security Intelligence and Response Team (SIRT) in early April 2025, involves the exploitation of two operating system command…
-
Tsunami Malware Surge: Blending Miners and Credential Stealers in Active Attacks
Security researchers have recently discovered a sophisticated malware operation called the “Tsunami-Framework”…
-
Automated LockBit delivery facilitated by Phorpiex botnet
First seen on scworld.com Jump to article: www.scworld.com/brief/automated-lockbit-delivery-facilitated-by-phorpiex-botnet
-
Phorpiex Botnet Delivers LockBit Ransomware with Automated Tactics
A new ransomware campaign is automating LockBit deployment via the Phorpiex botnet, according to Cybereason First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phorpiex-botnet-delivers-lockbit/
-
⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More
What happens when cybercriminals no longer need deep skills to breach your defenses? Today’s attackers are armed with powerful tools that do the heavy lifting, from AI-powered phishing kits to large botnets ready to strike. And they’re not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider tricks…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 43
Tags: attack, backdoor, botnet, china, crypto, fraud, infrastructure, international, malware, nfc, rust, supply-chain
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: Inside Gamaredon’s PteroLNK: Dead Drop Resolvers and evasive Infrastructure; XRP supply chain attack: Official NPM package infected with crypto stealing backdoor; SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation; New Rust Botnet “RustoBot”…
-
Largest botnet ever discovered amid surging DDoS activity
First seen on scworld.com Jump to article: www.scworld.com/brief/largest-botnet-ever-discovered-amid-surging-ddos-activity
-
Google Warns: Threat Actors Growing More Sophisticated, Exploiting Zero-Day Vulnerabilities
Google’s Mandiant team has released its M-Trends 2025 report, highlighting the increasing sophistication of threat actors, particularly China-nexus groups. These adversaries are deploying custom malware ecosystems, exploiting zero-day vulnerabilities in security appliances, and utilizing proxy networks resembling botnets to evade detection. Their tactics also include targeting edge devices lacking endpoint detection and response (EDR) capabilities…
-
XorDDoS Malware Upgrade Enables Creation of Advanced DDoS Botnets
Cisco Talos has uncovered significant advancements in the XorDDoS malware ecosystem, revealing a multi-layered infrastructure enabling sophisticated distributed denial-of-service (DDoS) attacks through a new “VIP version”…
-
BSidesLV24 Breaking Ground Insights On Using A Cloud Telescope To Observe Internet-Wide Botnet Propagation Activity
Author/Presenter: Fabricio Bortoluzzi. Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/bsideslv24-breaking-ground-insights-on-using-a-cloud-telescope-to-observe-internet-wide-botnet-propagation-activity/
-
Europol operation Operation Endgame: botnet shut down, suspects arrested
Tags: botnet
Europol and other law enforcement agencies already seized servers and shut down a botnet in 2024 as part of “Operation Endgame”. In follow-up investigations, five suspects have now been arrested. Further suspects are also being questioned as part of this operation. After the massive takedown of the … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/11/europol-operation-operation-endgame-botnetz-abgeschaltet-verdaechtige-verhaftet/
-
Operation Endgame follow-up cracks down on Smokeloader botnet
Tags: botnet
First seen on scworld.com Jump to article: www.scworld.com/brief/operation-endgame-follow-up-cracks-down-on-smokeloader-botnet
-
Smokeloader Users Identified and Arrested in Operation Endgame
Authorities arrest 5 Smokeloader botnet customers after Operation Endgame; evidence from seized data links customers to malware, ransomware, and more. First seen on hackread.com Jump to article: hackread.com/smokeloader-users-identified-arrested-operation-endgame/
-
Europol Targets Customers of Smokeloader Pay-Per-Install Botnet
Law enforcement agencies in multiple countries have announced the arrests of users of the malicious Smokeloader botnet. The post Europol Targets Customers of Smokeloader Pay-Per-Install Botnet appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/europol-targets-customers-of-smokeloader-pay-per-install-botnet/
-
More than 6,000 devices infected – new botnet attacks TP-Link routers
First seen on security-insider.de Jump to article: www.security-insider.de/neues-botnetz-ballista-angriff-auf-tp-link-router-a-fee1ba9560903f4b82cf8e61d5793e5a/
-
Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence
Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals. “In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar,’ faced consequences such as arrests, house searches, arrest warrants or ‘knock and talks,’” Europol said in…
-
Smokeloader Malware Operators Busted, Servers Seized by Authorities
In a major victory against cybercrime, law enforcement agencies across North America and Europe have dismantled the infrastructure behind the Smokeloader malware, a notorious pay-per-install (PPI) botnet service. This decisive action, a continuation of the groundbreaking Operation Endgame from May 2024, marks yet another blow to the global malware ecosystem. The Smokeloader botnet, operated by…
-
Deluge of TVT DVR exploitation attempts likely due to Mirai-based botnet
First seen on scworld.com Jump to article: www.scworld.com/brief/deluge-of-tvt-dvr-exploitation-attempts-likely-due-to-mirai-based-botnet
-
Police detains Smokeloader malware customers, seizes servers
In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader botnet’s customers and detained at least five individuals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/police-detains-smokeloader-malware-customers-seizes-servers/

