US Authorities Dismantle Massive Botnet Operations Linked to Anyproxy and 5socks

A Coordinated Global Takedown Targets Longstanding Cybercriminal Infrastructure

In a significant win for global cybersecurity, U.S. federal authorities have seized the domains Anyproxy.net and 5socks.net, dismantling a sprawling botnet operation that reportedly spanned over two decades. Four foreign nationals have been indicted in connection with the scheme, which compromised thousands of routers worldwide—mostly outdated wireless internet routers—turning them into proxy servers available for illicit use.

The operation, dubbed “Operation Moonlander,” was spearheaded by the U.S. Department of Justice (DOJ) in collaboration with the FBI and international law enforcement agencies in the Netherlands and Thailand. These coordinated efforts disabled the botnet infrastructure and halted a massive profit-making machine that generated over \$46 million through the sale of infected proxy access.

Authorities named three Russian nationals and one Kazakhstani citizen as the alleged masterminds behind the operation. Despite the indictments, none of the suspects have been arrested, and their locations remain unknown; the lack of extradition agreements with their home countries further limits what U.S. authorities can do.

Key Highlights and Digest of the Crackdown

Domains Seized: The U.S. Justice Department took control of Anyproxy.net and 5socks.net, both of which are now displaying federal seizure notices.
The Crime: These sites sold unauthorized access to infected routers as proxy servers. Prices ranged from \$9.95 to \$110 monthly.
How It Worked: The malware reconfigured compromised routers, granting third parties stealth access to internet traffic through them.
Legal Action: Indictments were filed against four foreign nationals accused of running the operation and damaging protected computer systems.
Who’s Accused: Viktorovich Chertkov (37), Kirill Vladimirovich Morozov (41), Aleksandr Aleksandrovich Shishkin (36), and Dmitriy Rubtsov (38). Chertkov and Rubtsov also face charges for false domain registration.
Global Reach: The servers and proxies operated around the world; the service was run through a U.S.-based company, with hosting spread across international providers.
Support from Cyber Experts: Lumen Technologies’ Black Lotus Labs uncovered the depth of the infection and played a crucial role in the investigation.
Scope of Infections: Thousands of compromised IoT devices and end-of-life routers were found, especially in the U.S.
C2 Infrastructure: Malware-infected bots were communicating weekly with command-and-control infrastructure, mainly located in Turkey.
Ongoing Investigation: The FBI Cyber Task Force in Oklahoma continues to uncover residential and business routers affected by the malware.
Court Proceedings: The seizure and indictment documents were unsealed in Virginia and Oklahoma, respectively.
Financial Trail: More than \$46 million in illicit profits linked to proxy subscriptions were traced to the accused operators.
Extradition Challenge: Russia and Kazakhstan’s lack of extradition treaties with the U.S. complicates the legal pursuit of the suspects.

What Undercode Says:

The takedown of Anyproxy and 5socks marks a milestone in the global war against cybercrime. What sets this case apart is not just the technical sophistication, but the longevity of the criminal operation. Operating for over 20 years, 5socks in particular managed to stay under the radar while offering thousands of proxies—many of which were silently siphoning internet traffic from unsuspecting victims.

The infected devices, largely composed of aging and unpatched routers, highlight a glaring vulnerability in global digital infrastructure. These older devices, often forgotten after initial setup, present low-hanging fruit for cybercriminals. The malware used was not merely destructive; it was strategic, reconfiguring network pathways to make it appear as though internet traffic originated from a different, “clean” source. This kind of proxy obfuscation is commonly exploited in spam campaigns, credential stuffing, data scraping, and cyberespionage.

From a legal standpoint, the indictment of foreign nationals in absentia illustrates a common challenge in cybercrime enforcement: jurisdiction. While the DOJ and FBI can seize U.S.-based assets and domains, bringing perpetrators to trial is another matter entirely—particularly when suspects reside in countries with no extradition agreement. This underscores the necessity for a new international legal framework tailored to cybercrime.

Moreover, the operation shows how private cybersecurity firms and public law enforcement can effectively collaborate. Black Lotus Labs’ discovery of 1,000 unique bots communicating with command servers weekly demonstrates the sheer scale of the infection. By sharing this data, private sector actors enabled a coordinated international response.

“Operation Moonlander” also signals a shift in how governments handle botnet operations. Rather than simply shutting down infected systems, they’re pursuing the financial networks behind them. By targeting domain registration fraud, seizing profits, and unveiling the web of infrastructure across continents, the authorities are sending a message: digital borders won’t protect cybercriminals forever.

One critical takeaway for businesses and individuals alike is the importance of securing network hardware. Many routers used in small businesses or homes are often outdated, never patched, and running insecure firmware. These devices become easy targets for malware campaigns, acting as open doors to larger networks.

Looking ahead, this case may serve as a blueprint for future actions against distributed botnets. The key lies in combining cyber forensics, global cooperation, and swift domain takedown procedures to cripple operations financially and operationally. The battle is far from over, but victories like this one show that even the most entrenched cybercriminal operations are not untouchable.

Fact Checker Results:

The DOJ and FBI did indeed seize Anyproxy.net and 5socks.net and indicted four foreign nationals.
Black Lotus Labs corroborated the infection of IoT and end-of-life routers.
Domain takedown and indictments are publicly confirmed through DOJ statements and court records.

Prediction

Given the size and profitability of the botnet, other similar proxy-based cybercrime services may soon be targeted. This action will likely trigger more aggressive domain monitoring and legal coordination between nations. Expect to see further integration of private cybersecurity expertise into public criminal investigations, and a rise in cases targeting malware-infected IoT infrastructure worldwide.

References:

Reported By: cyberscoop.com