Authorities Dismantle 7,000-Device Proxy Botnet Targeting IoT and Outdated Routers.

U.S. and Dutch law enforcement agencies dismantled a large botnet made up of more than 7,000 compromised devices worldwide. The infected devices were primarily Internet of Things (IoT) hardware and outdated routers lacking recent security updates. These compromised systems powered illegal proxy services that masked criminal internet activity worldwide.

TheMoon Malware at the Core.

The malware behind the botnet, known as “TheMoon,” specifically targeted vulnerable routers and end-of-life devices. The operation was tied to domains such as 5socks.net and anyproxy.net, which rented out the proxy network. Cybercriminals paid subscription fees ranging from $9.95 to $110 per month to use these proxy services, which let them hide their identities while conducting illegal online activities.

Massive Financial Impact Revealed.

Authorities estimate the operators earned over $46 million from the scheme through cryptocurrency and digital payment platforms.

The illicit funds were used to enrich the individuals running the service, some of whom now face criminal charges. Russian and Kazakhstani nationals were among those charged by the U.S. Department of Justice for their involvement.

Device Infection and Network Spread.

TheMoon malware infected devices by exploiting known software flaws in outdated systems lacking manufacturer support. Black Lotus Labs reported over 1,000 new infections weekly, primarily in the United States and several other regions. More than 50% of the devices communicating with the malware’s control servers were located within U.S. borders.

International Cooperation and Disruption.

The FBI and international partners seized the botnet’s infrastructure and key domains used to manage infected devices.

Lumen Technologies also acted by blocking traffic to and from known malware control points on its network. These steps helped neutralize the botnet’s reach and prevent further spread across vulnerable devices.

User Guidance and Prevention.

The FBI urges individuals and businesses to regularly update device firmware and replace outdated routers when possible. They recommend purchasing devices from trusted vendors that provide regular security patches and long-term support. Home and business networks must prioritize security hygiene to avoid being unknowingly enlisted in future botnets.

Looking Forward.

The takedown of the TheMoon botnet sends a clear message to cybercriminals who exploit weak infrastructure for profit and anonymity. Authorities continue to monitor global cyber threats and warn users to stay vigilant and proactive with device security.
