US ‘dismantles’ Russian botnet that hacked millions of devices

Netherlands and the United Kingdom along with the law enforcement partners in Germany have “dismantled” the infrastructure of a Russian botnet known as RSOCKS. The botnet had “hacked millions of computers and electronic devices around the world”, the US Department of Justice (DoJ) said in an official statement.   

It mentions that a “botnet is a group hacked internet-connected devices that are controlled as a group without the owner’s knowledge and typically used for malicious purposes. 

According to the DoJ, RSOCKS was working as a proxy service, but rather than offering proxies that RSOCKS had leased, the RSOCKS botnet offered its clients access to IP addresses that has been assigned to hacked devices.  

The service was there for the criminals to cover the source of their activity which comprised attacks on login web pages. 

“It is believed that the users of this type of proxy service were conducting large scale attacks against authentication services, also known as credential stuffing, and anonymising themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages,” said the DoJ. 

RSOCKS operators apparently built the proxy service by conducting brute force attacks for IoT devices. “The RSOCKS backend servers maintained a persistent connection to the compromised device,” it said. 

A brute force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. 

The DoJ said that it has crushed the botnet as it unsealed a search warrant affidavit in the Southern District of California. 

“This operation disrupted a highly sophisticated Russia-based cybercrime organisation that conducted cyber intrusions in the United States and abroad,” said FBI Special Agent in Charge Stacey Moy. 

“Our fight against cybercriminal platforms is a critical component in ensuring cybersecurity and safety in the United States. The actions we are announcing today are a testament to the FBI’s ongoing commitment to pursuing foreign threat actors in collaboration with our international and private sector partners,” Moy added.