Authorities take down major malicious botnet

May 30th – International law enforcement has taken a major botnet offline. It was linked to large-scale cyber attacks, along with bomb threats, export violations and child exploitation.

Investigators believe that the botnet infected over 19 million IP addresses, including 613,841 IP addresses based in the U.S.

The primary operator is believed to have generated roughly $99 million from subscribers to a residential proxy service, which provided people with access to compromised IP addresses.

How it worked

According to court documents, operators used virtual private network (VPN) services to deliver the malware. Operators also used a pay-per-install model. In some cases, the malware was bundled with third-party program files.

One core operator allegedly managed 150 dedicated servers worldwide. Roughly 50% of these were leased from U.S.-based service providers.

Nation-state actors?

Authorities have determined that nation-state actors were not behind the botnet. Rather, operators were financially motivated.

The primary operator is believed to have used the acquired funds to purchase luxury cars, wristwatches, 21 residential or investment properties and 20 internet domains.

Charges against a primary operator include conspiracy to commit wire fraud, substantive computer fraud and conspiracy to commit money laundering.
