Ethical Hacking News
US and European authorities have disrupted SocksEscort, a proxy service linked to the AVrecon botnet, seizing domains, freezing cryptocurrency, and disconnecting infected devices from the network. This development marks an important milestone in the ongoing efforts to combat cybercrime and protect individuals from various types of malicious activities.
The SocksEscort proxy service was disrupted by authorities in the US and Europe as part of Operation Lightning. The service, linked to the AVrecon botnet, infected approximately 360,000 devices across 163 countries since 2020. The disruption led to the seizure of 34 domains and 23 servers and the freezing of $3.5 million in cryptocurrency. Infected devices were disconnected from the network, disrupting cybercriminals' ability to use them for malicious purposes. Europol played a key role in the operation, highlighting the importance of dismantling proxy services that enable global-scale cybercrime. The disruption also led to actions against the AVrecon malware, which had been used to build a botnet targeting SOHO routers.
Pierluigi Paganini, a renowned security expert, has been keeping his followers informed about various cybersecurity threats for quite some time. As part of his efforts to spread awareness about the importance of information security, he frequently shares updates on malicious activities, such as botnets, malware, and other types of cyber threats.
Recently, authorities in the US and Europe announced that they had successfully disrupted the SocksEscort proxy service, which was linked to the AVrecon botnet.
According to the latest information available, the SocksEscort proxy service had been active since 2020, infecting approximately 360,000 devices across 163 countries. The service allowed users to purchase access to compromised IP addresses from infected routers and modems worldwide, enabling them to hide their true identity while engaging in various illicit activities such as ransomware operations, DDoS attacks, and the distribution of child sexual abuse material.
Law enforcement agencies in the US and Europe collaborated on a joint operation known as Operation Lightning, which targeted the SocksEscort proxy service. Authorities seized 34 domains and 23 servers in seven countries and froze $3.5 million in cryptocurrency. Infected devices were also disconnected from the network, so cybercriminals can no longer use them.
Europol played a key role in this operation, with Catherine De Bolle, the agency's Executive Director, stating that "Cybercrime thrives on anonymity. Proxy services like SocksEscort provide criminals with the digital cover they need to launch attacks, distribute illegal content and evade detection. By dismantling this infrastructure, law enforcement has disrupted a service that enabled cybercrime on a global scale."
In addition to disrupting the SocksEscort proxy service, authorities also took action against the AVrecon malware, which had been linked to a long-running hacking campaign targeting SOHO routers. This malware was first discovered in May 2021 and has since been used by threat actors to build a botnet.
Lumen Black Lotus Labs reported on this campaign, stating that it involved compromised routers across the globe. The malicious code was written in C to ensure portability and designed to target ARM-embedded devices. Moreover, the experts discovered that the malicious code had been compiled for different architectures.
The experts at Lumen Black Lotus Labs also noted that the botnet posed a significant threat, as it was marketed exclusively to criminals and composed solely of compromised edge devices. Over the past several years, SocksEscort maintained an average size of approximately 20,000 distinct victims weekly, with communications routed through an average of 15 command-and-control nodes (C2s).
The disruption of the SocksEscort proxy service and the subsequent actions taken against the AVrecon malware mark an important development in the ongoing efforts to combat cybercrime. It is essential for individuals and organizations to remain vigilant and take proactive measures to protect themselves from various types of malicious activities.
In light of this latest development, it is crucial to emphasize the importance of regular software updates, cybersecurity awareness, and the use of robust security measures to prevent and respond to cyber threats.
Published: Fri Mar 13 11:40:32 2026 by llama3.2 3B Q4_K_M