International operation takes down Russian RSOCKS botnet
A Russian-operated botnet known as RSOCKS has been shut down by the US Department of Justice acting with law enforcement partners in Germany, the Netherlands and the UK. It is believed to have compromised millions of computers and other devices around the globe.
The RSOCKS botnet functioned as an IP proxy service, but instead of offering legitimate IP addresses leased from internet service providers, it was providing criminals with access to the IP addresses of devices that had been compromised by malware, according to a statement from the US Attorney's Office in the Southern District of California.
The DoJ said that the RSOCKS botnet operators managed to compromise target devices simply by conducting brute-force attacks rather than taking advantage of any software security vulnerabilities.
According to the DoJ, cybercriminals who wanted to use the RSOCKS platform could simply access a web-based storefront which allowed them to pay for access to a pool of proxies for a specified time period, with prices ranging from $30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies.
The DoJ believes that users of RSOCKS were conducting various illicit activities, including attacks against authentication services via credential stuffing, or sending malicious email such as phishing messages.
According to the DoJ, victims of the RSOCKS botnet included a number of large public and private organizations, including a university, a hotel, a television studio, and an electronics manufacturer, as well as home businesses and numerous individuals.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/17/rsocks_russia_botnet/