Ethical Hacking News
A notorious botnet selling hacked routers as residential proxies has been dismantled in a joint operation by law enforcement agencies from around the world. The Anyproxy and 5socks networks infected thousands of routers worldwide with malware since at least 2004, allowing cybercriminals to gain unauthorized access to compromised devices. The U.S. Justice Department has indicted three Russian nationals and a Kazakhstani individual for their involvement in operating this malicious network.
"Operation Moonlander" has been launched to dismantle a notorious botnet called Anyproxy and 5socks. The botnet has been exploiting vulnerable routers since at least 2004, infecting thousands of devices worldwide with malware. A joint operation by law enforcement agencies from the US, Netherlands, Thailand, and Russia has taken down the malicious network. Three Russian nationals have been indicted for their involvement in operating and profiting from the botnet. The dismantling of this botnet is a significant blow to cybercriminals worldwide.
The dark corners of the internet, where malicious actors lurk and wreak havoc on unsuspecting users, are being policed by law enforcement agencies around the world. In recent weeks, a significant operation dubbed "Operation Moonlander" has been launched to dismantle a notorious botnet that has been exploiting vulnerable routers for nefarious purposes.
The botnet in question, which has been identified as the Anyproxy and 5socks networks, has been operating for over two decades, infecting thousands of routers worldwide with malware since at least 2004. This malicious infrastructure allowed cybercriminals to gain unauthorized access to compromised devices, which were then sold on the black market as proxy servers.
The two domains, Anyproxy.net and 5socks.net, were managed by a Virginia-based company and hosted on servers globally, making them highly accessible and difficult to track. The botnet's controllers required cryptocurrency for payment, and users could connect directly with proxies using no authentication, which has been documented in previous cases as leading to malicious actors gaining free access.
Law enforcement agencies from the United States, the Netherlands, Thailand, and Russia have joined forces to take down this malicious network. The U.S. Justice Department announced that three Russian nationals, Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, and Aleksandr Aleksandrovich Shishkin, as well as a Kazakhstani individual, Dmitriy Rubtsov, have been indicted for their involvement in operating, maintaining, and profiting from these two illegal services.
The indictment alleges that the defendants advertised the two services on various websites, including ones used by cybercriminals, and collected over $46 million from selling subscriptions providing access to the infected routers that were part of the Anyproxy botnet. The operation also targeted end-of-life (EoL) routers with a variant of the TheMoon malware, which allowed attackers to install proxies on unsuspecting victim routers and conduct cybercrimes anonymously.
According to FBI officials, the list of devices commonly targeted by the botnet includes Linksys and Cisco router models, including specific variants such as the Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550, Linksys WRT320N, WRT310N, WRT610N, Cisco M10, and Cradlepoint E100.
The dismantling of this botnet is a significant blow to cybercriminals worldwide, who relied on these proxy servers for their nefarious activities. Law enforcement agencies have been cracking down on such networks, highlighting the importance of cooperation between nations in combating cybercrime.
In recent years, there has been an increase in the number of residential proxy services being sold online, which are often used to evade detection during cybercrime-for-hire activities, cryptocurrency theft attacks, and other illegal operations. These services allow malicious actors to create a layer of anonymity, making it difficult for law enforcement agencies to track down their victims.
The U.S. Justice Department has emphasized the importance of these efforts, stating that "such residential proxy services are particularly useful to criminal hackers to provide anonymity when committing cybercrimes; residential—as opposed to commercial—IP addresses are generally assumed by internet security services as much more likely to be legitimate traffic."
This operation serves as a reminder that law enforcement agencies around the world are committed to policing the dark corners of the internet, working tirelessly to dismantle malicious networks and bring those responsible for these crimes to justice.
Related Information:
https://www.ethicalhackingnews.com/articles/Policing-the-Shadows-The-Dismantling-of-a-Botnet-Selling-Hacked-Routers-as-Residential-Proxies-ehn.shtml
https://www.bleepingcomputer.com/news/security/police-dismantles-botnet-selling-hacked-routers-as-residential-proxies/
https://thehackernews.com/2025/05/breaking-7000-device-proxy-botnet-using.html
Published: Fri May 9 13:14:08 2025 by llama3.2 3B Q4_K_M