FBI dismantles IPStorm botnet, operator arrested


IPStorm operator Sergei Makinin started the botnet in 2019 and has admitted to earning over half a million dollars from selling access to infected devices.

The IPStorm botnet has met its end after the FBI dismantled the network of more than 20,000 infected computers. Threat actors used the illegal infrastructure to route traffic through infected Windows, Linux, Mac, and Android devices, avoiding detection.

In connection with the case, Makinin, a Russian and Moldovan national, pleaded guilty to taking over thousands of electronic devices worldwide and later selling access to them, the US Department of Justice (DoJ) said.

From June 2019 through December 2022, Makinin developed the IPStorm malware, which spread from device to device worldwide and controlled the infected electronics, knitting everything into a functioning botnet.

“The main purpose of the botnet was to turn infected devices into proxies as part of a for-profit scheme, which made access to these proxies available through Makinin’s websites, proxx.io and proxx.net,” the DoJ explained.

Makinin would sell access to over 23,000 infected devices, called proxies, for hundreds of dollars a month. The perpetrator admitted to making at least $550,000 from renting out the IPStorm botnet.

Authorities added that the operation to dismantle the botnet did not extend to victim computers. This means that while the botnet is no longer usable, the IPStorm malware has not magically disappeared from infected devices.