Investigators Disrupt Giant RSOCKS Botnet
Global law enforcers have dismantled a Russian botnet thought to have contained millions of infected machines and devices.
RSocks was rented out to other cyber-criminals who used its proxy servers to remain anonymous as they launched credential stuffing, account takeover, phishing and other attacks, according to the US Department of Justice (DoJ).
FBI investigators went undercover to rent access to the botnet via its web-based “storefront.” In doing so, as far back as 2017, they discovered 325,000 compromised victim devices globally, including several located in San Diego County.
The operation culminated in coordinated action with investigators in Germany, the Netherlands and the UK to dismantle the botnet’s infrastructure.
It’s claimed RSocks was built first from millions of IoT devices, including industrial control systems, routers, AV streaming devices and even smart garage door openers. Later, Android devices and conventional computers were compromised and added to the botnet, according to the DoJ.
It said victims had their devices or machines hijacked via brute-force attacks, in which automated software repeatedly guesses login credentials until an account is cracked open.
“This operation disrupted a highly sophisticated Russia-based cybercrime organization that conducted cyber intrusions in the United States and abroad,” said FBI special agent in charge, Stacey Moy.
“Our fight against cyber-criminal platforms is a critical component in ensuring cybersecurity and safety in the United States. The actions we are announcing today are a testament to the FBI’s ongoing commitment to pursuing foreign threat actors in collaboration with our international and private sector partners.”
There have been several well-publicized attempts to disrupt prolific cybercrime botnets in recent months.
In April, Microsoft and partners took control of 65 command and control (C&C) domains used by the ZLoader gang. A week earlier, the US authorities revealed details of an operation to disrupt the Cyclops Blink botnet before it was used.
It’s believed Cyclops Blink was run by the Russian state. However, operational outages caused by such activity rarely last, as threat actors simply compromise new machines to replace those taken out of service.