The US Department of Justice (DoJ) has dismantled the infrastructure of what it describes as a Russian botnet consisting of millions of Internet of Things (IoT) devices are attacked.
According to the DoJ, RSOCKS is operating as a proxy service, but instead of providing customers with IP addresses that are legally leased from internet service providers (ISPs), the company has provided IP addresses already assigned to the attacked device.
The DoJ said that along with law enforcement partners in Germany, the Netherlands and the UK, it had “dismantled” RSOCKS infrastructure “that attacked millions of computers and other electronic devices around the world.” gender”.
This service is available for use by cybercriminals to conceal the origin of their activity, including credential attacks on login sites.
“It is believed that users of this type of proxy service carried out large-scale attacks against authentication services, also known as credential stuffing, and anonymized themselves when accessing compromised social media accounts or sending malicious emails, such as phishing messages” DOJ said.
RSOCKS’ website advertising its services and pricing has now been replaced with an announcement that it has been seized by the FBI, but customers can previously buy access to the RSOCKS proxy pool from $30 a day for 2,000 proxies to $200 per day for 9,000 proxies, according to the DoJ.
After purchase, customers can download a list of IP addresses and ports associated with one or more of the botnet’s backend servers. Customers can then route malicious internet traffic through compromised victim devices to conceal the true source of the traffic, the DOJ said.
The RSOCKS operators are alleged to have built a proxy service by force-passwording for IoT devices, many of which are put to use with default or password-protected passwords. feebleness.
Operators initially targeted IoT devices to build botnets but have since expanded to Android devices and computers. Victims of the botnet include a university, a hotel, a television studio and electronics manufacturers. Other victims are family businesses and individuals.
The DOJ revealed that it dismantled the botnet when it sealed a search warrant affidavit in the Southern District of California.
“This operation disrupted a Russia-based cybercriminal organization that specializes in conducting cyber intrusions in the United States and abroad,” said FBI Special Agent Stacey Moy.
“Our fight against cybercrime platforms is a critical component of ensuring cybersecurity and safety in the United States. The actions we’re announcing today are a testament to our commitment to that. the FBI’s continued pursuit of foreign threat actors in coordination with our international and private sector partners.”
DoJ in April announced that it disrupted a botnet controlled by the Main Intelligence Service of the Russian Federation (GRU) consisting of thousands of infected WatchGuard and Asus firewall devices.
