The US Department of Justice has taken down the infrastructure of what it describes as a Russian botnet made up of millions of hacked wearables.
According to a US court filing, RSOCKS operated as a proxy service, but instead of offering customers IP addresses legitimately leased from ISPs, it offered IP addresses that had been assigned to hacked devices.
The United States said that together with partners in Germany, the Netherlands and the United Kingdom, law enforcement “dismantled” the RSOCKS infrastructure “that hacked into millions of computers and other devices worldwide”.
Cybercriminals could use this service to disguise the source of their activity, which included “credential stuffing” attacks on login web pages.
“Users of this type of service are believed to be carrying out large-scale attacks on authentication services, also known as ‘credential stuffing’, and making themselves anonymous when accessing compromised social media accounts or sending malicious emails, such as phishing messages,” the Department of Justice statement said.
The RSOCKS service website has now been replaced with a notice that it has been seized by the FBI, but previously customers could purchase access to an RSOCKS proxy pool starting at $30 per day for 2,000 proxies or up to $200 per day for 9,000 proxies, according to the US Justice Department.
Once access was purchased, the customer could download a list of IP addresses and ports associated with one or more botnet servers. The customer could then route their internet traffic through the victim’s compromised devices to hide the true source of the traffic, according to the Justice Department.
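Credential stuffing routed through a pool like the one described above defeats per-IP rate limiting, because each attempt can arrive from a different compromised device. The detector below is an added example, not code from the article or from the Justice Department: it flags a time window in which failed logins span many distinct usernames while no single source IP exceeds a small count, and contrasts that with a plain per-IP threshold. The log format, addresses and thresholds are constructed assumptions.

```python
"""Spot credential stuffing spread across a proxy pool (constructed example)."""
from collections import Counter

# Constructed auth log: "<epoch> <src_ip> <username> <result>".
# Each source IP attempts at most two accounts, as a proxy pool would allow.
SAMPLE_LOG = """\
1000 198.51.100.10 alice FAIL
1001 198.51.100.11 bob FAIL
1002 198.51.100.12 carol FAIL
1003 198.51.100.13 dave FAIL
1004 198.51.100.14 erin FAIL
1005 198.51.100.10 frank FAIL
1006 198.51.100.15 grace FAIL
1007 198.51.100.16 heidi FAIL
1008 198.51.100.17 ivan OK
"""

# Constructed benign log: one user mistyping a password from one IP.
BENIGN_LOG = "\n".join(f"{2000 + i} 192.0.2.7 alice FAIL" for i in range(6))
BENIGN_LOG += "\n2006 192.0.2.7 alice OK\n"

def parse(log_text):
    """Yield (ts, ip, user, ok) tuples; skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, ip, user, result = parts
        yield int(ts), ip, user, result == "OK"

def per_ip_alerts(log_text, threshold=5):
    """Classic per-IP rule: IPs with more than `threshold` failures."""
    fails = Counter(ip for _, ip, _, ok in parse(log_text) if not ok)
    return sorted(ip for ip, n in fails.items() if n > threshold)

def detect_stuffing(log_text, window=60, min_users=5, max_per_ip=3):
    """Flag windows where failures cover many usernames yet every IP stays
    under `max_per_ip`: the aggregate signature of a proxied stuffing run."""
    fails = sorted((ts, ip, u) for ts, ip, u, ok in parse(log_text) if not ok)
    alerts, i = [], 0
    while i < len(fails):
        start = fails[i][0]
        win = [f for f in fails[i:] if f[0] - start <= window]
        users = {u for _, _, u in win}
        per_ip = Counter(ip for _, ip, _ in win)
        if len(users) >= min_users and max(per_ip.values()) <= max_per_ip:
            alerts.append({"start": start, "end": win[-1][0], "users": len(users),
                           "ips": len(per_ip), "max_per_ip": max(per_ip.values())})
            i += len(win)  # skip past this burst
        else:
            i += 1
    return alerts
```

On the constructed sample the per-IP rule stays silent while the distributed detector raises one alert; on the benign log the reverse holds.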
Connected devices, but not only those
RSOCKS operators reportedly built the proxy service by brute-forcing the passwords of IoT devices. Many such devices ship with default passwords or are protected only by weak ones.
The operators initially targeted wearable devices to build the botnet, but later expanded their activities to compromise Android devices and computers. Botnet victims included a university, a hotel, a television studio and an electronics manufacturer; other victims were home-based businesses and individuals.
The US Justice Department disclosed the takedown by unsealing a search warrant affidavit in the Southern District of California.
“This operation took down a very sophisticated Russian-based cybercriminal organization that was conducting intrusions in the United States and abroad,” said FBI special agent Stacey Moy.
“Our fight against cybercriminal platforms is a critical part of ensuring cybersecurity and security in the United States. The actions we are announcing today demonstrate the FBI’s continued commitment to pursuing malicious foreign actors in collaboration with our international and private sector partners.”
In April, the US Department of Justice announced that it had taken down a botnet controlled by the Main Intelligence Directorate (GRU) of the Russian Federation and consisting of thousands of infected WatchGuard and Asus firewall devices.