Ethical Hacking News
The FBI has taken down SocksEscort, a notorious residential proxy service used by cybercriminals to carry out digital fraud and other types of cybercrime. The takedown, which involved law enforcement agencies from eight countries, resulted in the seizure of 34 domains and 23 servers, as well as the freezing of approximately $3.5 million in cryptocurrency linked to the service. The operation highlights the ongoing struggle against cybercrime and the importance of international cooperation in combating this threat.
The SocksEscort residential proxy service was taken down in a joint operation involving law enforcement agencies from eight countries.The takedown resulted in seizing 34 domains, 23 servers, and freezing approximately $3.5 million in cryptocurrency linked to the service.The platform, used by cybercriminals since 2020, has sold access to compromised routers for large-scale fraud and digital crimes, affecting around 369,000 different IP addresses.The operation is considered one of the largest against residential proxy services in recent history, with an estimated 124,000 users.The takedown aims to mitigate the risk of outdated routers being turned into residential proxy networks by tracking and retiring end-of-life technology.
The SocksEscort residential proxy service, a notorious platform used by cybercriminals to compromise hundreds of thousands of routers worldwide and carry out digital fraud, has been taken down in a joint operation involving law enforcement agencies from eight countries. The takedown, code-named Operation Lightning, was conducted by the FBI and its international partners, who seized 34 domains and 23 servers across seven countries, as well as freezing approximately $3.5 million in cryptocurrency linked to the service.
The SocksEscort proxy network, which has been active since the summer of 2020, has been used by cybercriminals to sell access to compromised routers for large-scale fraud and digital crimes. The malware-infected routers, which were infected with a botnet called AVRecon, allowed criminals to remotely control the devices and direct internet traffic through them. According to the US Justice Department, SocksEscort has sold access to approximately 369,000 different IP addresses since its inception.
The takedown of SocksEscort is considered one of the largest operations against residential proxy services in recent history. The platform's customer base was estimated to be around 124,000 users, with some victims including a customer of a cryptocurrency exchange who was defrauded of $1 million worth of cryptocurrency, a Pennsylvania manufacturing business that was defrauded of $700,000, and current and former US service members who were defrauded out of $100,000.
The FBI Deputy Assistant Director Jason Bilnoski stated that the operation would lead to additional evidence and allow authorities to pursue further criminal activity. He also emphasized the importance of tracking and retiring end-of-life technology on a defined schedule to mitigate the risk of outdated routers being turned into residential proxy networks.
Lumen's Black Lotus Labs, which has been tracking the AVRecon botnet since 2023, described it as "one of the largest botnets targeting small-office/home-office (SOHO) routers seen in recent history." The organization also noted that the proliferation of illicit residential proxies like SocksEscort represents a significant challenge for governments and private-sector partners.
The FBI's Operation Winter Shield, launched last month, includes 10 key defensive measures to improve organizations' security posture. One of these measures is particularly relevant to mitigating the risk of residential proxy networks: tracking and retiring end-of-life technology on a defined schedule. This measure aims to reduce the likelihood of outdated routers being compromised by malware.
The takedown of SocksEscort highlights the ongoing struggle against cybercrime and the importance of international cooperation in combating this threat. The operation demonstrates the FBI's commitment to protecting American businesses, consumers, and citizens from digital fraud and other types of cybercrime.
In addition to the takedown of SocksEscort, the article also mentions various other cybersecurity-related topics such as AI, quantum key distribution, ransomware, phishing, and zero trust. These topics are interconnected with the main subject of the article, highlighting the broader context of cybersecurity threats and countermeasures.
Related Information:
https://www.ethicalhackingnews.com/articles/SocksEscort-Residential-Proxy-Service-Takedown-A-Global-Effort-to-Combat-Cybercrime-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/03/12/socksescort_fraud_proxy_taken_down_fbi/
https://www.msn.com/en-us/news/technology/operating-lightning-takes-down-socksescort-proxy-network-blamed-for-tens-of-millions-in-fraud/ar-AA1YubHw
https://cyberscoop.com/socksescort-proxy-network-botnet-takedown/
Published: Thu Mar 12 12:31:45 2026 by llama3.2 3B Q4_K_M
