The US Department of Justice (DoJ) has confirmed authorities have dismantled the RSOCKS botnet, which connected millions of hacked computers and devices worldwide, including ‘Internet of Things’ gadgets like routers and smart garage openers.
Several unnamed large public and private entities have been victims of RSOCKS, including a university, a hotel, a television studio and an electronics manufacturer, the department said.
“It is believed that the users of this type of proxy service were conducting large-scale attacks against authentication services, also known as credential stuffing, and anonymising themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages,” a DoJ statement said.
RSOCKS users paid a fee that ranged from $30 (£24.40) to $200 (£163) per day in order to route malicious internet activity through compromised devices to mask or hide the true source of the traffic. The ‘storefront’ was reportedly set up by a Russian gang.
The operation was led by US FBI officials, with support from German, Dutch and British law-enforcement officials, and it saw undercover agents purchase access to the botnet to identify its backend infrastructure and victims.
“The RSOCKS botnet compromised millions of devices throughout the world,” said US Attorney Randy Grossman.
“Cyber criminals will not escape justice regardless of where they operate. Working with public and private partners around the globe, we will relentlessly pursue them while using all the tools at our disposal to disrupt their threats and prosecute those responsible.”
RSOCKS initially targeted devices including industrial control systems, time clocks, routers, audio and video-streaming devices, as well as consumer devices such as smart garage door openers. Eventually, the botnet expanded to compromise additional types of devices, including Android devices and PCs.
The RSOCKS botnet is the second of its kind to have been dismantled recently by US authorities. In April, authorities foiled another botnet, known as Cyclops Blink, which was run by a group of hackers thought to be linked to Russia’s security force, the GRU.
The Covid-19 pandemic and the Russian invasion of Ukraine have led to a significant rise in cyber attacks, which have targeted key infrastructure and supply chains. In the last 12 months, nearly 40 per cent of UK businesses have been the target of a cyber attack. E&T