DOJ: Russian RSOCKS botnet disrupted in international operation
The Department of Justice announced Thursday that the U.S. and international law enforcement partners in the United Kingdom, Germany, and the Netherlands disrupted a major botnet operated by Russian cybercriminals that hijacked millions of computers, phones, and Internet of Things devices.
The botnet, RSOCKS, advertised itself as a proxy service — a company that lets you route traffic through other locations. But instead of gaining access to IP addresses through legal means, such as leasing them from local Internet Service Providers, the company allowed customers to route traffic through compromised devices, according to the DOJ.
“The cost for access to a pool of RSOCKS proxies ranged from $30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies,” the agency said in a press release.
Proxy services can be used for legitimate purposes, but may also be leveraged in credential stuffing attacks or to help mask the identity of someone engaging in malicious behavior online.
The RSOCKS infrastructure disruption followed an investigation that began with an undercover purchase in 2017. The DOJ said it “identified approximately 325,000 compromised victim devices” in that first sweep.
“Several large public and private entities have been victims of the RSOCKS botnet, including a university, a hotel, a television studio, and an electronics manufacturer, as well as home businesses and individuals,” according to the agency press release.
Although the botnet was dismantled, no arrests were announced.
In April, the U.S. announced it had disrupted a major botnet operated by the Russian GRU military intelligence hacking team known as Sandworm.
Andrea Peterson (they/them) is a longtime cybersecurity journalist who cut their teeth covering technology policy at ThinkProgress (RIP) and The Washington Post before doing deep-dive public records investigations at the Project on Government Oversight and American Oversight.