Business Standard

US DoJ dismantles Russian botnet infra that hacked millions of devices

The US has dismantled the infrastructure of a Russian botnet which hacked millions of computers and other electronic devices around the world while working as a proxy service.

IANS  |  San Francisco 

The US Department of Justice, together with law enforcement partners in Germany, the Netherlands and the UK, brought down a Russian botnet known as RSOCKS that initially targeted Internet of Things (IoT) devices and then expanded into compromising Android devices and conventional computers.

A botnet is a group of hacked internet-connected devices that are controlled together without their owners' knowledge and typically used for malicious purposes.

"The RSOCKS botnet compromised millions of devices throughout the world," said US Attorney Randy Grossman.

"Working with public and private partners around the globe, we will relentlessly pursue them while using all the tools at our disposal to disrupt their threats and prosecute those responsible," he said in a statement.

Rather than offering proxies that RSOCKS had leased, the botnet offered its clients access to IP addresses assigned to devices that had been hacked.

The cost for access to a pool of RSOCKS proxies ranged from $30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies.

"This operation disrupted a highly sophisticated Russia-based cybercrime organisation that conducted cyber intrusions in the US and abroad," said FBI Special Agent in Charge, Stacey Moy.

Once purchased, the customer could download a list of IP addresses and ports associated with one or more of the botnet's backend servers.

The customer could then route malicious internet traffic through the compromised victim devices to mask or hide the true source of the traffic.

"It is believed that the users of this type of proxy service were conducting large scale attacks against authentication services, also known as credential stuffing, and anonymising themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages," the DoJ explained.

(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)

First Published: Tue, June 21 2022. 12:32 IST