US Dismantles IPStorm Botnet Proxy Service

The US authorities have shut down a major botnet comprising tens of thousands of infected endpoints, which cyber-criminals hired to launch various attacks anonymously.

The IPStorm botnet and its infrastructure were dismantled earlier this year, according to the Department of Justice (DoJ).

Its alleged administrator, Russian and Moldovan national Sergei Makinin, pleaded guilty back in September to three counts of fraud and related activity in connection with computers. Each count carries a maximum sentence of 10 years.

The botnet operated from June 2019 to December 2022, turning compromised Windows, Linux, Mac and Android devices from around the world into proxies. These could then be rented out by cyber-criminals through two of Makinin’s websites: proxx.io and proxx.net.

The proxies enabled threat actors to bypass security filters and anonymize their traffic as they launched various cyber-attacks on victims. According to the DoJ, a single customer could pay hundreds of dollars a month to route their traffic through the botnet.

Makinin is said to have run around 23,000 such proxies as part of the botnet and admitted making at least $550,000 from the scheme.

“It is no secret that in present times, much criminal activity is conducted or enabled through cybernetic means. Cyber-criminals seek to remain anonymous and derive a sense of security because they hide behind keyboards, often thousands of miles away from their victims,” said Joseph González, special agent in charge of the FBI’s San Juan Field Office.

“The FBI’s cyber mission has been to impose risk and consequences on our adversaries, ensuring cyberspace is no safe space for criminal activity. This case is one example of how we are doing just that.”

The FBI urged device owners to keep up to date with the latest security and software patches to mitigate the risk of their machines becoming compromised and conscripted into such a botnet.
