FBI and Dutch police seize and shut down botnet of hacked routers

FBI and Dutch Authorities Dismantle Botnet of Compromised Routers

by admin

A significant international law enforcement operation has dismantled two services, Anyproxy and 5Socks, accused of running a botnet made up of hacked internet-connected devices such as routers. The operation, dubbed “Operation Moonlander,” was led by the FBI, the Dutch National Police, and the U.S. Department of Justice. Notices about the seizure of the websites were posted on Wednesday, signalling the crackdown on these services linked to cybercriminal activities.

On Friday, U.S. prosecutors indicted four individuals—three Russians and one Kazakh—who are believed to have gained substantial profits from operating Anyproxy and 5Socks. The defendants, identified as Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, Aleksandr Aleksandrovich Shishkin, and Dmitriy Rubtsov, allegedly targeted and compromised thousands of older model wireless routers, exploiting their known vulnerabilities.

The indictment revealed that these individuals sold access to the botnet through Anyproxy and 5Socks, which had been operational since 2004. Although not illegal in themselves, residential proxy networks can be misused for bypassing geo-restrictions or government censorship. However, the prosecutors allege that Anyproxy and 5Socks built their networks by infecting numerous vulnerable devices, effectively creating a botnet for malicious use.

The botnet allowed users to disguise their internet activity by routing traffic through the compromised devices, making it appear as though it was coming from legitimate residential IP addresses. This anonymity is appealing to cybercriminals looking to evade security measures while conducting illicit activities online.

The indictment argued that the conspirators marketed the Anyproxy botnet as a residential proxy service on social media and cybercrime forums. These services are particularly valued among hackers for providing a façade of legitimacy, which is less likely to raise suspicions compared to commercial IP addresses.

Authorities believe that the four suspects made more than $46 million from their cybercriminal enterprise. While the FBI and DOJ have not commented further, experts from Black Lotus Labs indicated that the services had been implicated in multiple forms of cyber abuse, including ad fraud and Distributed Denial-of-Service (DDoS) attacks.

Black Lotus Labs collaborated with law enforcement to track these networks, stating that the botnet was structured to provide anonymity for actors engaged in malicious activities. They estimated that the botnet had around 1,000 active proxies weekly across more than 80 countries. Additional insights from Spur, a company monitoring proxy services, highlighted that while 5Socks is a relatively small criminal network, its use had grown, particularly for financial fraud.

The takedown of these services marks a crucial step in combating cybercrime, as authorities work to dismantle the infrastructure that supports such illegal activities.
