Thousands of Devices Compromised in Sophisticated Cybercrime Scheme

A joint international law enforcement action has resulted in the shutdown of two services accused of providing a botnet of hacked internet-connected devices to cybercriminals.

The botnet, which was used to carry out various types of abuse, including password spraying, DDoS attacks, and ad fraud, had compromised thousands of devices worldwide.

According to the indictment, the four individuals behind the botnet, Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, Aleksandr Aleksandrovich Shishkin, and Dmitriy Rubtsov, targeted older models of wireless internet routers with known vulnerabilities and sold access to the botnet on their services, Anyproxy and 5Socks.

The services, which have been active since 2004, allegedly built their network of proxies by infecting vulnerable devices and turning them into a botnet used by cybercriminals.

The indictment states that the botnet subscribers’ internet traffic appeared to come from the IP addresses assigned to the compromised devices rather than the IP addresses assigned to the devices that the subscribers were actually using. This allowed the cybercriminals to maintain anonymity while committing crimes.

The law enforcement operation, dubbed “Operation Moonlander,” was carried out by the FBI, the Dutch National Police, the U.S. Attorney’s Office for the Northern District of Oklahoma, and the U.S. Department of Justice. The four individuals behind the botnet are believed to have made over $46 million from selling access to the botnet.

Researchers at Black Lotus Labs, a team of cybersecurity experts, worked with the authorities to track the proxy networks and helped identify the individuals behind the botnet. The researchers described the botnet as “designed to offer anonymity for malicious actors online” and stated that the bulk of the botnet consisted of routers, of all kinds of end-of-life makes and models.

The shutdown of Anyproxy and 5Socks marks a significant victory for law enforcement in the fight against cybercrime. The operation highlights the importance of international cooperation in combating sophisticated cybercrime schemes and demonstrates the need for individuals and organizations to prioritize cybersecurity and protect themselves against potential threats.
