Particle.news

Global Botnet Dismantled as Four Indicted in $46 Million Cybercrime Scheme

Operation Moonlander, led by the FBI and international partners, shuts down the Anyproxy and 5Socks botnet, built on hacked routers and active since 2004.

A screenshot of the seizure notice on the websites of 5Socks and Anyproxy, two services selling access to a botnet of hacked internet-connected devices. (Image: Screenshot/TechCrunch)

Overview

  • The FBI, alongside Dutch and Thai law enforcement, seized the domains Anyproxy.net and 5socks.net, disabling a botnet of malware-infected routers in more than 80 countries.
  • Four individuals—three Russians and one Kazakhstani—were indicted on conspiracy and computer crime charges for operating the botnet and profiting from illicit proxy services.
  • The botnet exploited vulnerabilities in older-model wireless routers, turning them into proxies marketed to cybercriminals for activities like password spraying and ad fraud.
  • The services, active since 2004, generated over $46 million in revenue by selling access to more than 7,000 proxies through subscription plans ranging from $9.95 to $110 per month.
  • Black Lotus Labs and other cybersecurity experts supported the investigation, which highlighted the use of residential proxies to obscure malicious online activities.