"Law Enforcement Dismantle Infrastructure of Russian 'RSOCKS' Botnet"

The United States recently announced in a report about the takedown of a botnet operated by Russian cybercriminals that ensnared millions of devices worldwide.  The botnet was dubbed "RSOCKS."  The botnet initially targeted Internet of Things (IoT) devices, including industrial control systems, routers, content streaming devices, and various smart devices, but later expanded to compromising Android devices and conventional computers as well.  It was stated that the purpose of the botnet was to abuse the IP addresses of the compromised devices to reroute internet traffic for paying customers, thus allowing them to hide their real IPs.  It was noted that legitimate proxy services lease IP addresses from ISPs and then provide those IPs to their customers for a fee.  The RSOCKS botnet offered access to the IP addresses of hacked devices without the permission or the knowledge of the owners.  The report stated that individuals could access a web-based "storefront" where they could rent access to proxies for a specific time period.  The RSOCKS botnet's operators asked for $30 per day for access to 2,000 proxies, but the price could go up to $200 per day for access to 90,000 proxies.  Following the purchase, the customer was provided with a list of IP addresses and ports for the botnet's backend servers and could start routing their internet traffic through the compromised devices.  The report claimed that customers of proxy servers such as the RSOCKS botnet were likely launching large scale phishing campaigns and credential stuffing attacks against authentication services and were hiding their real IPs when accessing compromised social media accounts.  To identify the RSOCKS botnet's infrastructure, FBI investigators made undercover purchases.  In early 2017, the FBI identified roughly 325,000 hacked victim devices, which were compromised via brute force attacks.  The investigation also revealed that, in addition to home businesses and individuals, the RSOCKS botnet had compromised large public and private entities, including a hotel, a university, an electronics manufacturer, and a television studio.  The DoJ announced that US authorities worked together with law enforcement in Germany, the Netherlands, and the United Kingdom to take down the botnet's infrastructure.

 

SecurityWeek reports: "Law Enforcement Dismantle Infrastructure of Russian 'RSOCKS' Botnet"

Submitted by Anonymous on