Russian Botnet Disrupted In International Cyber Operation – Expert Comments

By ISBuzz Team
Writer, Information Security Buzz | Jun 20, 2022 01:57 pm PST

Derived from News Release Summary:

The U.S. DOJ, together with law enforcement partners in Germany, the Netherlands and the United Kingdom, has dismantled the infrastructure of a Russian botnet known as RSOCKS, which hacked millions of computers and other electronic devices around the world.

  • The RSOCKS botnet, operated by Russian cybercriminals, comprised millions of hacked devices worldwide.
  • The botnet initially targeted Internet of Things (IoT) devices, then expanded into additional types of devices, including Android devices and conventional computers.
  • The RSOCKS botnet offered access to IP addresses assigned to hacked devices.
  • Cybercriminals could navigate to a web-based “storefront” which allowed the customer to pay to rent access to a pool of proxies. The cost for access to a pool of RSOCKS proxies ranged from $30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies.
  • It is believed that the users of this type of proxy service were conducting large-scale attacks against authentication services, also known as credential stuffing, and anonymizing themselves when accessing compromised social media accounts or sending malicious email, such as phishing messages.
2 Expert Comments
Garret F. Grajek
InfoSec Expert
June 20, 2022 9:59 pm

Botnets are a major international concern – and one of the major problems facing internet availability and internet security today – with the Barracuda network investigation revealing 39% of all traffic is malicious bots. These bots are scanning our machines, looking for vulnerabilities, and then deploying to our systems and communicating back to their designated C2s (hacker command and control centers). Enterprises must be aware that this is occurring and acknowledge that vulnerabilities and zero-day hacks WILL be discovered. Secure identity governance is needed, since hackers will exploit compromised identities and raise privileges.

Tom Garrubba, Senior Director and CISO
InfoSec Expert
June 20, 2022 9:58 pm

It is great to see that law enforcement is making progress towards taking down these large botnets as of late. Botnets are so dangerous because they control large swaths of vulnerable computer systems at a scale unlike any other attack. Those infected computer pools can then be pointed at legitimate resources and cause havoc. Botnets can perform very disruptive attacks like Distributed Denial of Service or large-scale vulnerability exploitation to sell to initial access brokers who will later lend that access to ransomware gangs.
