"Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested

A vast network of millions of compromised computers, being used to facilitate a wide range of cybercrime, has been disrupted by a multinational law enforcement operation.
35-year-old YunHe Wang, a dual citizen of China and St. Kitts and Nevis, is alleged, together with co-conspirators, to have operated the 911 S5 botnet and to have created and distributed malware to compromise and hijack millions of Windows computers worldwide.
Methods used to recruit PCs into the botnet included the distribution of free, illegitimate VPN software such as MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. Once users downloaded these VPN applications, they unknowingly connected to the 911 S5 infrastructure, and became part of the botnet.
In all, devices associated with more than 19 million unique IP addresses appear to have been recruited into the botnet.
Law enforcement claims that Wang generated millions of dollars by offering cybercriminals access to the hijacked IP addresses for a fee, anonymising their online activities.
The US Department of Justice alleges that around 560,000 fraudulent insurance claims were made from IP addresses compromised by the botnet, resulting in a loss exceeding US $5.9 billion.
According to the US Department of Commerce's Bureau of Industry and Security, the criminal scheme netted its operators nearly US $100 million in profit, which was used to buy luxury watches, real estate, and luxury cars, including a Ferrari F8 Spider, two BMWs, and a Rolls Royce.
Law enforcement agencies from the United States, Singapore, Thailand, and Germany collaborated in the operation against the botnet, searching properties, seizing assets worth approximately US $30 million, and dismantling the botnet's infrastructure.
The US Department of Treasury has announced the imposition of sanctions against Wang and two others alleged to have been involved in laundering the proceeds of the criminal scheme.
Wang is charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering.
If convicted on all counts, Wang faces a sentence of up to 65 years in prison.
The 911 S5 botnet began operating in May 2014 and was taken offline by its administrator in July 2022, before rebranding as CloudRouter in October 2023.
Visitors to the CloudRouter webpage today will see a law enforcement seizure notice.
The FBI has created a webpage that helps users identify and remove applications that may have attempted to recruit them into the 911 S5 botnet.
If you are a company that allows your staff to use their own devices, it's worth bearing in mind that they may also have made inadvertent connections to the 911 S5 botnet.
It would be a good idea to check such devices for possible infection.
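
One way to run that check across a fleet of staff-owned devices, as an added example that is not part of the original article: it scans a software inventory export for the six application names listed above. The CSV columns, host names and paths are constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Application names as listed in the article.
VPN_NAMES = ["MaskVPN", "DewVPN", "PaladinVPN", "ProxyGate", "ShieldVPN", "ShineVPN"]

# Whole-token, case-insensitive match: "proxygate.exe" hits, "ProxyGateway" does not.
NAME_RE = re.compile(
    r"(?<![A-Za-z0-9])(" + "|".join(map(re.escape, VPN_NAMES)) + r")(?![A-Za-z0-9])",
    re.IGNORECASE,
)
CANONICAL = {n.lower(): n for n in VPN_NAMES}

# Constructed inventory export (hypothetical columns: host, display_name, path).
SAMPLE_INVENTORY = """host,display_name,path
byod-014,MaskVPN 2.1,C:\\Program Files (x86)\\MaskVPN\\mask_svc.exe
byod-014,7-Zip 23.01,C:\\Program Files\\7-Zip\\7z.exe
byod-022,ProxyGateway Manager,C:\\Tools\\ProxyGateway\\pgw.exe
byod-031,Acme Shield VPN Client,C:\\Program Files\\Acme\\vpn.exe
byod-047,Network helper,C:\\Users\\kim\\AppData\\Roaming\\shinevpn\\helper.exe
"""


def find_911s5_apps(inventory_csv):
    """Return {host: sorted list of article-listed app names seen on that host}."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Check the install path too: the display name alone may be generic.
        for field in (row["display_name"], row["path"]):
            for m in NAME_RE.finditer(field):
                hits[row["host"]].add(CANONICAL[m.group(1).lower()])
    return {host: sorted(names) for host, names in hits.items()}


if __name__ == "__main__":
    for host, names in find_911s5_apps(SAMPLE_INVENTORY).items():
        print(f"{host}: review and remove {', '.join(names)}")
```

A match marks a device for review against the FBI's removal guidance; the check only looks for these six names, so no match is not proof that a device is clean.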


This Cyber News was published on www.tripwire.com. Publication date: Thu, 30 May 2024 13:13:05 +0000

