Three Russians, one Kazakhstani charged in takedown of Anyproxy and 5socks botnets | The Record from Recorded Future News

Two powerful botnets have been dismantled by law enforcement agencies and the alleged administrators now face criminal charges, U.S. prosecutors said Friday.

Three Russian nationals — 37-year-old Alexey Viktorovich Chertkov, 41-year-old Kirill Vladimirovich Morozov and 36-year-old Aleksandr Aleksandrovich Shishkin — were charged with conspiracy and damage to protected computers for their role in running botnet services offered through Anyproxy and 5socks. The Justice Department said the website domains were managed by a company based in Virginia and that the four men allegedly earned about $46 million through the infected routers over a 20-year stretch.

The Justice Department said it seized the domain names Anyproxy.net and 5socks.net — with both sites now featuring a law enforcement takedown banner. U.S. officials worked with law enforcement in Thailand and the Netherlands on the operation as well as Lumen Technologies’ Black Lotus Labs. The investigation was run out of the Oklahoma City FBI office after multiple businesses and homes in the state were found to have routers infected with the malware used in the campaign.

The notice coincides with an alert released by the FBI on Wednesday warning people that end-of-life routers that are no longer supported by the companies that made them were the primary target of the administrators behind Anyproxy and 5socks. A malware campaign allowed the men to reconfigure the routers and offer them for sale as proxy servers through the Anyproxy and 5socks sites. The 5socks.net website offered more than 7,000 proxies for sale and allowed users to pay monthly fees of up to $110 for access.

Lumen found that the group is not using zero-day vulnerabilities and typically exploits an array of bugs to take over devices — specifically targeting end-of-life devices with issues dating back years.

For years, critical vulnerabilities in routers have been abused by hackers who use them as cover for subsequent attacks or add them to powerful botnets that disrupt websites with bogus traffic. U.S. officials in recent months have raised alarms about TP-Link routers specifically because they are repeatedly being exploited by Chinese hackers who have used them to breach telecommunications giants. Compromised routers continue to be a key avenue for Chinese hacking campaigns targeting U.S. critical infrastructure.

The law enforcement splash page on the 5socks and Anyproxy sites.

This Cyber News was published on therecord.media. Publication date: Fri, 09 May 2025 19:10:07 +0000

