CyberSecurityBoard
Sponsor Register Login

20 Years old Proxy Botnet Network Dismantled That Exploits 1000 Unique Unpatched Devices Weekly

The botnet, tracked by Black Lotus Labs for over a year, infected thousands of Internet of Things (IoT) and end-of-life (EoL) devices, creating a veil of anonymity for malicious actors engaging in activities such as ad fraud, DDoS attacks, brute-forcing, and data exploitation. In a coordinated effort, Lumen Technologies’ Black Lotus Labs, the U.S. Department of Justice (DOJ), the Federal Bureau of Investigation (FBI), and the Dutch National Police have dismantled a sophisticated criminal proxy network that has operated since 2004. The botnet, powered by malware targeting unpatched IoT and small office/home office (SOHO) devices in residential IP spaces, maintained an average of 1,000 unique bots weekly, communicating with command-and-control (C2) servers located in Turkey. The botnet’s operators claimed a daily pool of 7,000 proxies, though Black Lotus Labs’ telemetry suggests a smaller but highly effective network. The botnet’s longevity and low detection rate only 10% of its proxies were flagged by tools like VirusTotal stemmed from its focus on EoL devices, which lack vendor support and cannot be patched. Black Lotus Labs highlighted the challenge of detecting such traffic, which blends seamlessly with legitimate residential activity. By exploiting known vulnerabilities rather than zero-day flaws, the operators maintained bot lifecycles averaging over a week, ensuring stability and anonymity for users.

This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 10 May 2025 08:20:03 +0000


Cyber News related to 20 Years old Proxy Botnet Network Dismantled That Exploits 1000 Unique Unpatched Devices Weekly

20 Years old Proxy Botnet Network Dismantled That Exploits 1000 Unique Unpatched Devices Weekly - The botnet, tracked by Black Lotus Labs for over a year, infected thousands of Internet of Things (IoT) and end-of-life (EoL) devices, creating a veil of anonymity for malicious actors engaging in activities such as ad fraud, DDoS attacks, ...
7 months ago Cybersecuritynews.com
Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested - The US Justice Department announced on Wednesday that the massive 911 S5 proxy botnet has been dismantled and its alleged administrator, a Chinese national, has been arrested. The Treasury Department earlier this week announced sanctions against ...
1 year ago Packetstormsecurity.com
Russian admits building now-dismantled IPStorm proxy botnet The Register - The FBI says it has dismantled another botnet after collaring its operator, who admitted hijacking tens of thousands of machines around the world to create his network of obedient nodes. Sergei Makinin, a Russian and Moldovan national, was cuffed in ...
2 years ago Theregister.com
New Vo1d botnet variant infects 1.6 million Android TVs worldwide - A new variant of the Vo1d malware botnet has infected 1,590,299 Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. The Vo1d botnet is a multi-purpose cybercrime tool that turns compromised devices ...
9 months ago Bleepingcomputer.com
Vo1d malware botnet grows to 1.6 million Android TVs worldwide - A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. The Vo1d botnet is a multi-purpose cybercrime tool that turns compromised ...
9 months ago Bleepingcomputer.com
Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
2 years ago Bleepingcomputer.com Volt Typhoon
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
1 year ago Securityboulevard.com Fancy Bear APT28 Volt Typhoon
US dismantles 911 S5 botnet used for cyberattacks, arrests admin - The U.S. Justice Department and international partners dismantled the 911 S5 proxy botnet and arrested 35-year-old Chinese national YunHe Wang, its administrator. As early as 2011, Wang and his conspirators pushed malware onto victims' devices using ...
1 year ago Bleepingcomputer.com LockBit
"Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested - A vast network of millions of compromised computers, being used to facilitate a wide range of cybercrime, has been disrupted by a multinational law enforcement operation. 35-year-old YunHe Wang, a dual citizen of China and St. Kitts and Nevis, is ...
1 year ago Tripwire.com
Socks5Systemz proxy service infects 10,000 systems worldwide - A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000 infected devices. The malware infects computers and turns them into traffic-forwarding ...
2 years ago Bleepingcomputer.com
Aisuru Botnet With 300,000 Hijacked Routers - The Aisuru botnet has emerged as a significant threat in the cybersecurity landscape, leveraging an astonishing network of over 300,000 hijacked routers worldwide. This botnet primarily targets vulnerable routers to create a massive distributed ...
3 months ago Cybersecuritynews.com
MySQL servers targeted by 'Ddostf' DDoS-as-a-Service botnet - MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals. This campaign was discovered by researchers at the AhnLab Security Emergency Response ...
2 years ago Bleepingcomputer.com
15 Best Bandwidth Monitoring Tools in 2025 - By providing real-time data on network usage, bandwidth monitoring tools enable proactive management and quick resolution of issues that could impact network performance. It provides real-time monitoring of network performance, traffic analysis, and ...
5 months ago Cybersecuritynews.com
New botnet malware exploits two zero-days to infect NVRs and routers - A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution vulnerabilities to infect routers and video recorder devices. The malware hijacks the devices to make them part of its DDoS swarm, ...
2 years ago Bleepingcomputer.com
VB.NET Proxy and VPN Check with IP2Location.io - Virtual Private Network servers are proxy servers that people use daily when browsing the Internet. As most of us are aware, websites track their visitors for advertising and marketing purposes. That's the same reason that people use residential ...
2 years ago Feeds.dzone.com
New Scraper Botnet with 3,600+ Unique Devices Attacking Targets in US and UK - Cyber Security News - GreyNoise analysts identified this previously untracked variant through advanced network fingerprinting techniques, moving beyond conventional signature-based detection to analyze the actual behavior of infected devices. The research team developed a ...
5 months ago Cybersecuritynews.com
Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities - Researchers have discovered an Internet of Things botnet linked with attacks against multiple US government and communications organizations. It comes built with a series of stealth mechanisms and the ability to spread further into local area ...
2 years ago Darkreading.com Volt Typhoon
P2PInfect Botnet Is Now Targeting MIPS-Based IoT Devices - The operator behind the growing P2PInfect botnet is turning their focus to Internet of Things and routers running the MIPS chip architecture, expanding their list of targets and offering more evidence that the malware is an experienced threat actor. ...
2 years ago Securityboulevard.com
Botnet down and administrator arrested in 911 S5 case, FBI says - The FBI and international partners say they have dismantled a massive botnet that had infected more than 19 million IP addresses across 200 countries and was used for years to conceal cybercrime. The 911 S5 botnet's alleged administrator, Chinese ...
1 year ago Therecord.media APT28 Volt Typhoon
Stealthier version of P2Pinfect malware targets MIPS devices - The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS processors, such as routers and IoT devices. Due to their efficiency and compact design, MIPS chips are prevalent in embedded systems like routers, ...
2 years ago Bleepingcomputer.com CVE-2022-0543
Police dismantles botnet selling hacked routers as residential proxies - Court documents show that the now-dismantled botnet infected older wireless internet routers worldwide with malware since at least 2004, allowing unauthorized access to compromised devices to be sold as proxy servers on Anyproxy.net and 5socks.net. ...
7 months ago Bleepingcomputer.com
Previously unidentified botnet infects unpatched TP-Link Archer home routers | The Record from Recorded Future News - Cato Networks found some evidence that the threat actor involved deploys tools to potentially steal data from infected networks.The IP address tied to the threat actor is no longer responding, the researchers said, adding that they have found a new ...
9 months ago Therecord.media CVE-2023-1389
New Eleven11bot botnet infects 86,000 devices for DDoS attacks - A new botnet malware named 'Eleven11bot' has infected over 86,000 IoT devices, primarily security cameras and network video recorders (NVRs), to conduct DDoS attacks. Earlier today, threat monitoring platform The Shadowserver Foundation reported ...
9 months ago Bleepingcomputer.com
Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet - Malware hunters in the United States have set eyes on an impossible to kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting ...
2 years ago Securityweek.com Volt Typhoon Hunters
Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet - Malware hunters in the United States have set eyes on an impossible to kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting ...
2 years ago Packetstormsecurity.com Volt Typhoon Hunters

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)