Recently, the U.S. Department of Justice (DOJ) has unsealed an indictment charging four foreign nationals in connection with two major botnet services, Anyproxy and 5socks, used to hijack and monetize vulnerable wireless routers worldwide. The announcement coincides with the FBI's seizure of the domains Anyproxy.net and 5socks.net, effectively shutting down a malware-powered proxy-for-hire service that has been in operation for over two decades.
According to the DOJ press release, Russian nationals Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, Aleksandr Aleksandrovich Shishkin, and Dmitriy Rubtsov (a Kazakhstani national) have been charged with Conspiracy and Damage to Protected Computers, among other offenses.
"The Indictment alleges that a botnet was created by infecting older-model wireless internet routers worldwide, including in the United States, using malware without their owners' knowledge."
Once infected, these routers were silently reconfigured to serve as proxy servers, granting anonymous access to external users through Anyproxy.net and 5socks.net. The services, which were managed by a company in Virginia and operated through a distributed network of global servers, offered paid subscriptions to this illegal access pipeline, ranging from $9.95 to $110 per month.
"The 5socks.net website advertised more than 7,000 proxies for sale worldwide… [with] the slogan, 'Working since 2004!'"
Over the years, this illicit operation is believed to have generated over $46 million in revenue, monetizing hijacked residential and business routers, including in Oklahoma, where the FBI Cyber Task Force discovered malware embedded in unsuspecting users' devices.
In addition to the core conspiracy charges, Chertkov and Rubtsov face further counts for False Registration of a Domain Name, having allegedly provided fraudulent identity information while registering the Anyproxy and 5socks domains.
"Chertkov and Rubtsov are additionally charged with False Registration of a Domain Name… used during the commission of these felony crimes."
The takedown was enabled through a domain seizure warrant issued in the Eastern District of Virginia, supported by the unsealing of the indictment in the Northern District of Oklahoma. In coordination with foreign law enforcement partners, authorities also seized and disabled the core botnet infrastructure overseas.