The US, Germany, the Netherlands, and the UK tore down the infrastructure of RSOCKS, a Russian botnet that hacked millions of computers and other electronic devices around the world.
“This operation disrupted a highly sophisticated Russia-based cybercrime organization that conducted cyber intrusions in the United States and abroad,” said FBI Special Agent in Charge Stacey Moy.
According to the Department of Justice, RSOCKS initially went after Internet of Things (IoT) devices, including industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers. The RSOCKS botnet also compromised Android devices and conventional computers.
“A legitimate proxy service provides IP addresses to its clients for a fee. Typically, the proxy service provides access to IP addresses that it leases from internet service providers (ISPs). Rather than offer proxies that RSOCKS had leased, the RSOCKS botnet offered its clients access to IP addresses assigned to devices that had been hacked,” DOJ explained.
Cybercriminals could access a pool of RSOCKS proxies, and the price ranged from $30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies.
“It is believed that the users of this type of proxy service were conducting large-scale attacks against authentication services, also known as credential stuffing, and anonymizing themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages,” DOJ detailed.
The FBI used undercover purchases to obtain access to the RSOCKS botnet. The bureau identified approximately 325,000 compromised victim devices worldwide, with numerous devices located within San Diego County. The FBI said that victims’ devices were compromised through brute force attacks.
“Several large public and private entities have been victims of the RSOCKS botnet, including a university, a hotel, a television studio, and an electronics manufacturer, as well as home businesses and individuals,” DOJ said.