Security News > 2024 > May > US dismantles 911 S5 botnet used for cyberattacks, arrests admin

The U.S. Justice Department and international partners dismantled the 911 S5 proxy botnet and arrested 35-year-old Chinese national YunHe Wang, its administrator.

The VPN apps that added compromised devices to the 911 S5 residential proxy service include MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. Between 2014 and July 2022, they created a network of millions of residential Windows computers worldwide linked to more than 19 million unique IP addresses, including 613,841 IP addresses in the United States.

"Using the dedicated servers, Wang deployed and managed applications, commanded and controlled the infected devices, operated his 911 S5 service, and provided paying customers with access to proxied IP addresses associated with the infected devices."

911 S5 customers also used the illegitimate residential proxy service to submit tens of thousands of fraudulent applications for programs related to the Coronavirus Aid, Relief, and Economic Security Act, 560,000 fraudulent unemployment insurance claims, and over 47,000 Economic Injury Disaster Loan applications, resulting in billions of dollars stolen from financial institutions, credit card issuers, and federal lending programs.

"Working with our international partners, the FBI conducted a joint, sequenced cyber operation to dismantle the 911 S5 Botnet-likely the world's largest botnet ever," said FBI Director Christopher Wray.

US govt sanctions cybercrime gang behind massive 911 S5 botnet.

News URL

https://www.bleepingcomputer.com/news/security/us-dismantles-911-s5-residential-proxy-botnet-used-for-cyberattacks-arrests-admin/