Global Proxy Network Dismantled: Authorities Seize $3.5 Million and Shut Down Massive Botnet

Global authorities have dealt a significant blow to cybercrime operations with the dismantling of Socksescort, a massive proxy network that used malware to hijack over 369,000 routers worldwide. The network, which operated since 2020, sold access to infected home routers, allowing criminals to disguise their IP addresses while carrying out cryptocurrency account takeovers, bank fraud, ransomware attacks, and other schemes.

The operation, dubbed 'Operation Lightning,' was carried out by the U.S. Department of Justice (DOJ), FBI, IRS Criminal Investigation, Europol, Eurojust, and several European law enforcement agencies. The crackdown involved the seizure of 34 domains, shutdown of 23 servers in seven countries, freezing of $3.5 million in cryptocurrency payments, and disconnection of thousands of infected devices from the network.

According to investigators, Socksescort generated approximately $5.7 million for operators while exposing roughly 124,000 proxy users who relied on the botnet's anonymity. Authorities believe evidence from seized servers could lead to additional prosecutions, highlighting the significance of this operation in combating cybercrime.