US dismantles 911 S5 botnet used for cyberattacks, arrests admin

The U.S. Justice Department and international partners dismantled the 911 S5 proxy botnet and arrested 35-year-old Chinese national YunHe Wang, its administrator.
As early as 2011, Wang and his conspirators pushed malware onto victims' devices using multiple malicious VPN applications bundling proxy backdoors.
The VPN apps that added compromised devices to the 911 S5 residential proxy service include MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. Between 2014 and July 2022, they created a network of millions of residential Windows computers worldwide linked to more than 19 million unique IP addresses, including 613,841 IP addresses in the United States.
Researchers at the University of Sherbrooke revealed in June 2022 that the 911 S5 operators lured potential victims by offering free VPN services to install the proxy malware.
The Justice Department is now serving seizure warrants to registrars and registry entities to seize the following domains used by the criminal network.
Wang collected approximately $99 million by selling access to the proxied IP addresses to cybercriminals for a fee.
The criminals used the compromised devices' Internet connections for a wide range of crimes, including cyber attacks, bomb threats, child exploitation, large-scale fraud, harassment, and export violations.
911 S5 customers also used the illegitimate residential proxy service to submit tens of thousands of fraudulent applications for programs related to the Coronavirus Aid, Relief, and Economic Security Act, 560,000 fraudulent unemployment insurance claims, and over 47,000 Economic Injury Disaster Loan applications, resulting in billions of dollars stolen from financial institutions, credit card issuers, and federal lending programs.
On Tuesday, the U.S. Treasury Department also sanctioned Wang, Jingping Liu, and Yanni Zheng, and three entities that were either owned or controlled by Wang.
Wang faces a maximum penalty of 65 years in prison if convicted on all counts, including conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering.
US govt sanctions cybercrime gang behind massive 911 S5 botnet.
State hackers turn to massive ORB proxy networks to evade detection.
Botnet sent millions of emails in LockBit Black ransomware campaign.
Ebury botnet malware infected 400,000 Linux servers since 2009.
Moldovan charged for operating botnet used to push ransomware.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 29 May 2024 17:15:04 +0000

Cyber News related to US dismantles 911 S5 botnet used for cyberattacks, arrests admin

Treasury Sanctions Creators of 911 S5 Proxy Botnet - The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through ...
5 months ago Krebsonsecurity.com

Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested - The US Justice Department announced on Wednesday that the massive 911 S5 proxy botnet has been dismantled and its alleged administrator, a Chinese national, has been arrested. The Treasury Department earlier this week announced sanctions against ...
5 months ago Packetstormsecurity.com

"Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested - A vast network of millions of compromised computers, being used to facilitate a wide range of cybercrime, has been disrupted by a multinational law enforcement operation. 35-year-old YunHe Wang, a dual citizen of China and St. Kitts and Nevis, is ...
5 months ago Tripwire.com

US dismantles 911 S5 botnet used for cyberattacks, arrests admin - The U.S. Justice Department and international partners dismantled the 911 S5 proxy botnet and arrested 35-year-old Chinese national YunHe Wang, its administrator. As early as 2011, Wang and his conspirators pushed malware onto victims' devices using ...
5 months ago Bleepingcomputer.com

Is Your Computer Part of 'The Largest Botnet Ever?' - The Cloud Router homepage, which was seized by the FBI this past weekend. Cloud Router was previously called 911 S5. On May 24, authorities in Singapore arrested the alleged creator and operator of 911 S5, a 35-year-old Chinese national named YunHe ...
5 months ago Krebsonsecurity.com

Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
5 months ago Cisa.gov

Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
8 months ago Securityboulevard.com

CISA Hosts Second Cyber Resilient 911 Symposium - CISA's Emergency Communications Division led the Cyber Resilient 911 Program's second regional symposium in the Southeast, which included CISA regions 4 and 6 as well as Delaware, Puerto Rico, West Virginia, and the U.S. Virgin Islands. Attendees ...
9 months ago Cisa.gov

Botnet down and administrator arrested in 911 S5 case, FBI says - The FBI and international partners say they have dismantled a massive botnet that had infected more than 19 million IP addresses across 200 countries and was used for years to conceal cybercrime. The 911 S5 botnet's alleged administrator, Chinese ...
5 months ago Therecord.media

Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
10 months ago Bleepingcomputer.com

US Sanctions Three Chinese Men for Operating 911 S5 Botnet - The US Treasury Department on Tuesday announced sanctions against three Chinese nationals accused of creating and operating a botnet named 911 S5. The Treasury's Office of Foreign Assets Control has designated Yunhe Wang, Jingping Liu, and Yanni ...
5 months ago Securityweek.com

US govt sanctions cybercrime gang behind massive 911 S5 botnet - Researchers at the Canadian University of Sherbrooke revealed almost two years ago, in June 2022, that this illegitimate residential proxy service lured potential victims by offering free VPN services to install malware designed to add their IP ...
5 months ago Bleepingcomputer.com

Feds go Fancy Bear hunting, take down Russia's GRU botnet The Register - The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. Moobot ...
8 months ago Go.theregister.com

FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
8 months ago Bleepingcomputer.com

New botnet malware exploits two zero-days to infect NVRs and routers - A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution vulnerabilities to infect routers and video recorder devices. The malware hijacks the devices to make them part of its DDoS swarm, ...
11 months ago Bleepingcomputer.com

Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities - Researchers have discovered an Internet of Things botnet linked with attacks against multiple US government and communications organizations. It comes built with a series of stealth mechanisms and the ability to spread further into local area ...
10 months ago Darkreading.com

US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon - The US government on Wednesday announced a major takedown of a botnet full of end-of-life Cisco and Netgear routers after researchers warned it was being used by Chinese state-backed hackers as a covert communications channel. The disruption comes ...
9 months ago Securityweek.com

Bigpanzi botnet infects 170,000 Android TV boxes with malware - A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. Beijing-based Qianxin Xlabs reports that the threat group controls a ...
9 months ago Bleepingcomputer.com

Russian admits building now-dismantled IPStorm proxy botnet The Register - The FBI says it has dismantled another botnet after collaring its operator, who admitted hijacking tens of thousands of machines around the world to create his network of obedient nodes. Sergei Makinin, a Russian and Moldovan national, was cuffed in ...
11 months ago Theregister.com

RUBYCARP hackers linked to 10-year-old cryptomining botnet - A Romanian botnet group named 'RUBYCARP' is leveraging known vulnerabilities and performing brute force attacks to breach corporate networks and compromise servers for financial gain. According to a new report by Sysdig, RUBYCARP currently operates a ...
6 months ago Bleepingcomputer.com

Law enforcement conducts 'largest ever' botnet takedown - In the latest high-profile law enforcement action against cybercrime, agencies disrupted several notorious botnets and malware droppers widely used in ransomware attacks. Europol on Thursday announced that an international law enforcement action, ...
5 months ago Techtarget.com

Botnet sent millions of emails in LockBit Black ransomware campaign - Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign. As New Jersey's Cybersecurity and Communications Integration Cell warned on Friday, the attackers use ZIP ...
5 months ago Bleepingcomputer.com

Latest Cyber News

CVE-2024-43434 - 16 hours ago
CVE-2024-43436 - 16 hours ago
CVE-2024-43438 - 16 hours ago
CVE-2024-43440 - 16 hours ago
CVE-2024-43425 - 16 hours ago
CVE-2024-43426 - 16 hours ago
CVE-2024-43428 - 16 hours ago
CVE-2024-43431 - 16 hours ago
CVE-2024-8442 - 17 hours ago
CVE-2024-24914 - 18 hours ago
CVE-2024-10526 - 19 hours ago
CVE-2024-50169 - 20 hours ago
CVE-2024-50170 - 20 hours ago
CVE-2024-50171 - 20 hours ago
CVE-2024-50172 - 20 hours ago
CVE-2024-51504 - 20 hours ago
CVE-2024-50155 - 20 hours ago
CVE-2024-50156 - 20 hours ago
CVE-2024-50157 - 20 hours ago
CVE-2024-50158 - 20 hours ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 11 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-10081 - 1 day ago
CVE-2024-10082 - 1 day ago
CVE-2024-10916 - 1 day ago
CVE-2024-35146 - 1 day ago
CVE-2024-6861 - 1 day ago
CVE-2024-10919 - 1 day ago
CVE-2024-10920 - 1 day ago
CVE-2024-10318 - 1 day ago
CVE-2024-20371 - 1 day ago
CVE-2024-20418 - 1 day ago
CVE-2024-20445 - 1 day ago
CVE-2024-20457 - 1 day ago
CVE-2024-20476 - 1 day ago
CVE-2024-20484 - 1 day ago
CVE-2024-20487 - 1 day ago
CVE-2024-20504 - 1 day ago
CVE-2024-20507 - 1 day ago
CVE-2024-20511 - 1 day ago
CVE-2024-20514 - 1 day ago
CVE-2024-20525 - 1 day ago