
The Dutch authorities have announced the dismantling of one of the most significant botnets in recent years, which controlled more than 17 million compromised devices globally. The operation was carried out by the Dutch National Police in collaboration with the National Cyber Security Centre (NCSC).
The investigation was initiated after an information security expert alerted NCSC specialists to suspicious activity originating from a vast network of proxy servers. Subsequent checks revealed that the botnet’s infrastructure was being managed through approximately 200 servers located in Dutch data centers. During the operation, some equipment was seized, and hosting providers disconnected servers associated with the network.
According to the investigation, the botnet was used for phishing campaigns, mass spam distribution, and Distributed Denial of Service (DDoS) attacks against various online resources. The infected devices also functioned as nodes in a proxy network, enabling malicious actors to mask their locations and disguise harmful traffic as legitimate user activity.
Local media reports suggest a potential link between this network and the ASOCKS service, which offers proxy servers that utilize the IP addresses of ordinary home devices. Networks like these are particularly perilous because distinguishing their traffic from legitimate internet activity is exceptionally difficult.
The National Cyber Security Centre highlighted that such botnets pose a substantial threat to both businesses and everyday users. To mitigate the risk of infection, experts advise individuals to consistently update their software, change default passwords on routers and smart devices, and implement two-factor authentication.
Investigations are ongoing. There is no information yet regarding any arrests or officially named suspects.