The FBI and international partners say they have dismantled a massive botnet that had infected more than 19 million IP addresses across 200 countries and was used for years to conceal cybercrime.
The 911 S5 botnet's alleged administrator, Chinese national YunHe Wang, was arrested on May 24 and faces up to 65 years in prison, the Department of Justice said.
On Tuesday, Wang and several alleged associates, as well as three Thai businesses, were sanctioned by the Treasury Department in relation to the botnet.
Beginning in 2014, Wang allegedly created and disseminated malware that compromised millions of Windows operating systems, including more than 600,000 IP addresses in the U.S., prosecutors said.
He allegedly generated about $99 million from subscribers to the residential proxy service, which gave people access to the compromised IP addresses so they could mask their online activity.
He faces charges related to computer fraud, wire fraud and money laundering.
Prosecutors say that customers using the service stole $5.9 billion from federal pandemic relief programs through fraudulent applications.
Wang is accused of spreading malware through malicious virtual private network programs like MaskVPN and DewVPN, as well as pirated materials bundled with the malware.
He allegedly had approximately 150 servers worldwide, about half of which were leased from U.S.-based service providers.
Investigators allege Wang used the proceeds from the service to buy property in the U.S., China, Singapore, Thailand, the United Arab Emirates and St. Kitts and Nevis, where he also has citizenship.
A substantial collection of luxury cars - like a Ferrari F8, several BMWs and a Rolls-Royce - is subject to forfeiture, along with his 21 properties.
911 S5 came onto law enforcement's radar during an investigation into more than 2,000 fraudulent orders placed with stolen credit cards on an e-commerce platform called ShopMyExchange, which is connected to the Army and Air Force Exchange Service.
The perpetrators in Ghana and the U.S. were allegedly using IP addresses acquired from 911 S5.
The Justice Department has taken out multiple botnets this year with links to nation-state hacking activity.
In January, it announced an operation to dismantle a botnet consisting of infected home routers used by the China-linked hacking group Volt Typhoon.
The following month, the DOJ said it dismantled a similar botnet used by the APT28 group within Russia's Main Intelligence Directorate of the General Staff.
This Cyber News was published on therecord.media. Publication date: Wed, 29 May 2024 18:10:11 +0000