Dutch authorities have shut down what is believed to be one of the largest botnet operations ever uncovered, disrupting a cybercrime network that compromised more than 17 million internet-connected devices globally. The affected devices reportedly included computers, smartphones, tablets, security cameras, and other connected hardware that were unknowingly used to facilitate large-scale cyberattacks.
According to Dutch investigators, approximately 200 servers located in the Netherlands were seized as part of the operation. These servers allegedly formed the backbone of a sophisticated botnet infrastructure that transformed infected devices into components of a residential proxy network.
A botnet is a collection of compromised devices that cybercriminals can remotely control after infecting them with malware. Such networks are commonly used to launch Distributed Denial of Service (DDoS) attacks, distribute phishing campaigns, send spam, commit fraud, and conceal the origins of malicious online activities.
Dutch media outlet NL Times reported that cybercriminals targeted devices with weak security protections, converting them into nodes within a residential proxy service. Once infected, the devices were used to redirect internet traffic and allegedly help “launch large-scale cyberattacks” without the owners’ knowledge. Authorities confirmed that the network has now been taken offline.
The investigation began after a cybersecurity researcher working with the National Cyber Security Centre (NCSC) identified suspicious activity linked to the botnet. The NCSC, which operates under the Netherlands’ Ministry of Justice and Security, subsequently partnered with Dutch law enforcement agencies to investigate the case. Their efforts led to the identification and seizure of the servers supporting the operation.
While authorities have not disclosed the exact method used to infect more than 17 million devices, cybersecurity experts note that botnets are commonly spread through malicious applications, software vulnerabilities, phishing campaigns, and brute-force attacks.
The dismantled network has reportedly been linked by NL Times to Asocks, a residential proxy service that has previously faced scrutiny over alleged connections to botnet-related activities. However, Dutch police have not officially confirmed any association.
In 2024, cybersecurity company HUMAN reported that a botnet known as Proxylib had infected nearly 190,000 devices and integrated them into Asocks’ proxy network. Researchers connected that operation to a discontinued VPN service and at least 28 Android applications.
Residential proxy services route internet traffic through the IP addresses of ordinary users, making online activity appear to originate from legitimate residential locations. While such services can have lawful uses, including bypassing geographic restrictions, experts warn that they are increasingly being exploited by cybercriminals.
Following the takedown, the NCSC updated its guidance on residential proxy networks and highlighted the risks they pose. In an updated statement, the agency said the enforcement action “demonstrates” how residential proxies pose “a threat to national and international cybersecurity.”
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
