Botnet down and administrator arrested in 911 S5 case, FBI says

The FBI and international partners say they have dismantled a massive botnet that had infected more than 19 million IP addresses across 200 countries and was used for years to conceal cybercrime.
The 911 S5 botnet's alleged administrator, Chinese national YunHe Wang, was arrested on May 24 and faces up to 65 years in prison, the Department of Justice said.
On Tuesday, Wang and several alleged associates, as well as three Thai businesses, were sanctioned by the Treasury Department in relation to the botnet.
Beginning in 2014, Wang allegedly created and disseminated malware that compromised millions of Windows operating systems, including more than 600,000 IP addresses in the U.S., prosecutors said.
He allegedly generated about $99 million from subscribers to the residential proxy service, which gave people access to the compromised IP addresses so they could mask their online activity.
He faces charges related to computer fraud, wire fraud and money laundering.
Prosecutors say that customers using the service stole $5.9 billion from federal pandemic relief programs through fraudulent applications.
Wang is accused of spreading malware through malicious virtual private network programs like MaskVPN and DewVPN, as well as pirated materials bundled with the malware.
He allegedly had approximately 150 servers worldwide, about half of which were leased from U.S.-based service providers.
Investigators allege Wang used the proceeds from the service to buy property in the U.S., China, Singapore, Thailand, the United Arab Emirates and St. Kitts and Nevis, where he also has citizenship.
A substantial collection of luxury cars - like a Ferrari F8, several BMWs and a Rolls Royce - is subject to forfeiture, along with his 21 properties.
The investigation into 911 S5 came onto law enforcement's radar during an investigation into more than 2,000 fraudulent orders placed with stolen credit cards on an e-commerce platform called ShopMyExchange, which is connected to the Army and Air Force Exchange Service.
The perpetrators in Ghana and the U.S. were allegedly using IP addresses acquired from 911 S5. The Justice Department has taken out multiple botnets this year with links to nation-state hacking activity.
In January, it announced an operation to dismantle a botnet consisting of infected home routers used by the China-linked hacking group Volt Typhoon.
The following month, the DOJ said it dismantled a similar botnet network used by the APT28 group within Russia's Main Intelligence Directorate of the General Staff.
Nurses at Ascension hospital in Michigan raise alarms about safety following ransomware attack.


This Cyber News was published on therecord.media. Publication date: Wed, 29 May 2024 18:10:11 +0000


Cyber News related to Botnet down and administrator arrested in 911 S5 case, FBI says

Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested - The US Justice Department announced on Wednesday that the massive 911 S5 proxy botnet has been dismantled and its alleged administrator, a Chinese national, has been arrested. The Treasury Department earlier this week announced sanctions against ...
6 months ago Packetstormsecurity.com
Treasury Sanctions Creators of 911 S5 Proxy Botnet - The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through ...
6 months ago Krebsonsecurity.com
"Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested - A vast network of millions of compromised computers, being used to facilitate a wide range of cybercrime, has been disrupted by a multinational law enforcement operation. 35-year-old YunHe Wang, a dual citizen of China and St. Kitts and Nevis, is ...
6 months ago Tripwire.com
Is Your Computer Part of 'The Largest Botnet Ever?' - The Cloud Router homepage, which was seized by the FBI this past weekend. Cloud Router was previously called 911 S5. On May 24, authorities in Singapore arrested the alleged creator and operator of 911 S5, a 35-year-old Chinese national named YunHe ...
6 months ago Krebsonsecurity.com
Botnet down and administrator arrested in 911 S5 case, FBI says - The FBI and international partners say they have dismantled a massive botnet that had infected more than 19 million IP addresses across 200 countries and was used for years to conceal cybercrime. The 911 S5 botnet's alleged administrator, Chinese ...
6 months ago Therecord.media
US Congress Report Calls for Privacy Reforms After FBI Surveillance 'Abuses' - The FBI and the Biden administration at large have lobbied Congress to reauthorize the 702 program as is, ignoring calls for reform that have grown louder since the beginning of the year, manifesting this month in the form of a comprehensive privacy ...
1 year ago Wired.com
US dismantles 911 S5 botnet used for cyberattacks, arrests admin - The U.S. Justice Department and international partners dismantled the 911 S5 proxy botnet and arrested 35-year-old Chinese national YunHe Wang, its administrator. As early as 2011, Wang and his conspirators pushed malware onto victims' devices using ...
6 months ago Bleepingcomputer.com
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
7 months ago Cisa.gov
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
10 months ago Bleepingcomputer.com
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
10 months ago Securityboulevard.com
CISA Hosts Second Cyber Resilient 911 Symposium - CISA's Emergency Communications Division led the Cyber Resilient 911 Program's second regional symposium in the Southeast, which included CISA regions 4 and 6 as well as Delaware, Puerto Rico, West Virginia, and the U.S. Virgin Islands. Attendees ...
10 months ago Cisa.gov
Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
1 year ago Bleepingcomputer.com
US Sanctions Three Chinese Men for Operating 911 S5 Botnet - The US Treasury Department on Tuesday announced sanctions against three Chinese nationals accused of creating and operating a botnet named 911 S5. The Treasury's Office of Foreign Assets Control has designated Yunhe Wang, Jingping Liu, and Yanni ...
6 months ago Securityweek.com
US Sanctions Three Chinese Men for Operating 911 S5 Botnet - The US Treasury Department on Tuesday announced sanctions against three Chinese nationals accused of creating and operating a botnet named 911 S5. The Treasury's Office of Foreign Assets Control has designated Yunhe Wang, Jingping Liu, and Yanni ...
6 months ago Packetstormsecurity.com
How the FBI seized BlackCat ransomware's servers - An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. Today, the US Department of Justice confirmed that they seized websites for the ALPHV ransomware ...
1 year ago Bleepingcomputer.com
Feds go Fancy Bear hunting, take down Russia's GRU botnet The Register - The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. Moobot ...
10 months ago Go.theregister.com
FBI's latest defense of warrantless S. 702 snooping is China The Register - Analysis The FBI's latest PR salvo, as it fights to preserve its warrantless snooping powers on Americans via FISA Section 702, is more big talk of cyberattacks by the Chinese government. Wray cited an example he's used previously about how, last ...
10 months ago Go.theregister.com
Chinese hackers hid in US infrastructure network for 5 years - The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and ...
10 months ago Bleepingcomputer.com
US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon - The US government on Wednesday announced a major takedown of a botnet full of end-of-life Cisco and Netgear routers after researchers warned it was being used by Chinese state-backed hackers as a covert communications channel. The disruption comes ...
10 months ago Securityweek.com
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims - The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation. In the joint advisory published today in collaboration ...
1 year ago Bleepingcomputer.com
Russian admits building now-dismantled IPStorm proxy botnet The Register - The FBI says it has dismantled another botnet after collaring its operator, who admitted hijacking tens of thousands of machines around the world to create his network of obedient nodes. Sergei Makinin, a Russian and Moldovan national, was cuffed in ...
1 year ago Theregister.com
How the FBI Infiltrated the Hive Ransomware Gang Systems - The FBI has recently infiltrated the systems of the Hive ransomware gang, one of the most sophisticated and successful global cybercrime gangs. This infiltration is a major victory for the FBI in its fight against ransomware, cybercrime, and other ...
1 year ago Bleepingcomputer.com
New botnet malware exploits two zero-days to infect NVRs and routers - A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution vulnerabilities to infect routers and video recorder devices. The malware hijacks the devices to make them part of its DDoS swarm, ...
1 year ago Bleepingcomputer.com
BlackCat Ransomware Raises Ante After FBI Disruption - The U.S. Federal Bureau of Investigation disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released ...
1 year ago Krebsonsecurity.com
FBI Director: FISA 702 warrant requirement 'de facto ban' The Register - FBI director Christopher Wray made yet another impassioned plea to US lawmakers to kill a proposed warrant requirement for so-called "US person queries" of data collected via the Feds' favorite snooping tool, FISA Section 702. This controversial ...
1 year ago Theregister.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)