Dangerous global botnet fueling residential proxies is being hit in major crackdown

Security researchers from Lumen’s Black Lotus were investigating the ngioweb botnet for more than a year
After identifying the infrastructure and traffic, the company started blocking the data flow
The botnet, and the proxy service NSOCKS, are severely disrupted as a result

Security researchers have disrupted a major malicious botnet, and thus also hurt the proxy service it powered.

Cybersecurity researchers from Lumen’s Black Lotus have released a new report saying they blocked all traffic across their global network that went to, or from, the dedicated infrastructure associated with the ‘ngioweb’ botnet.

The Ngioweb botnet, first spotted in mid-2023, operated more than 35,000 bots (compromised endpoints, basically) every day. The bots were located in 180 countries and were used, first and foremost, to power the NSOCKS proxy service. This “notorious criminal proxy service”, as Black Lotus describes it, is linked to the threat actor known as Muddled Libra. There are also indications that the proxy was used by state-sponsored threat actors such as APT28 (aka FancyBear, a known Russian threat actor).

Disrupting the operation

“At least 80% of NSOCKS bots in our telemetry originate from the ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices. Two-thirds of these proxies are based in the U.S.,” the researchers said.

A proxy service allows threat actors to run different malicious campaigns, while hiding their true identity and location, by using a “proxy” – or a middleman device.

Besides operating as a proxy, the ngioweb botnet could also be used to mount disruptive Distributed Denial of Service (DDoS) attacks.

Lumen took more than a year to analyze the botnet and its operations, and while it could not conclude exactly how the hardware was compromised, it speculated that it was most likely through various n-day vulnerabilities.

At press time, the NSOCKS proxy, and the underlying ngioweb botnet are being heavily disrupted by Lumen and its partners, given that the researchers found both the botnet’s architecture, and traffic.

Via BleepingComputer

Source link

Breaking News

Just Like On Black Friday, Amazon Is Offering 50% Off Blink Cameras To Protect Your Home

Miami Open on Sky Sports: All you need to know as Great Britain’s Jack Draper targets tennis’ Sunshine Double | Tennis News

Trump plan to fund Musk’s Starlink over fiber called “betrayal” of rural US

Snickers Is Releasing a New Candy That’s Even Better Than the Original

Skyrim and Fallout veterans’ new open-world RPG is now a roguelike that’s not open-world, after funding issues brought the team “down to a skeleton crew”

Everything You Say to Your Echo Will Soon Be Sent to Amazon, and You Canât Opt Out

The 560-pound Twitter logo from its San Francisco headquarters is up for auction

Sobering revenue stats of 70K mobile apps show why devs beg for subscriptions

This month’s Windows updates are removing the Copilot app (accidentally)

Just Like On Black Friday, Amazon Is Offering 50% Off Blink Cameras To Protect Your Home

Miami Open on Sky Sports: All you need to know as Great Britain’s Jack Draper targets tennis’ Sunshine Double | Tennis News

Trump plan to fund Musk’s Starlink over fiber called “betrayal” of rural US

Snickers Is Releasing a New Candy That’s Even Better Than the Original

Dangerous global botnet fueling residential proxies is being hit in major crackdown

More From Author

Just Like On Black Friday, Amazon Is Offering 50% Off Blink Cameras To Protect Your Home

Miami Open on Sky Sports: All you need to know as Great Britain’s Jack Draper targets tennis’ Sunshine Double | Tennis News

Trump plan to fund Musk’s Starlink over fiber called “betrayal” of rural US

+ There are no comments

Cancel reply

The Secret to These Perfect Garlic Mashed Potatoes Is an Easy Cooking Method You’re Probably Not Using

DJI’s next trick could be a surprise robot vacuum – and no, it sadly won’t fly upstairs

You May Also Like:

Just Like On Black Friday, Amazon Is Offering 50% Off Blink Cameras To Protect Your Home

Miami Open on Sky Sports: All you need to know as Great Britain’s Jack Draper targets tennis’ Sunshine Double | Tennis News

Trump plan to fund Musk’s Starlink over fiber called “betrayal” of rural US

Snickers Is Releasing a New Candy That’s Even Better Than the Original

Skyrim and Fallout veterans’ new open-world RPG is now a roguelike that’s not open-world, after funding issues brought the team “down to a skeleton crew”

Everything You Say to Your Echo Will Soon Be Sent to Amazon, and You Canât Opt Out

The 560-pound Twitter logo from its San Francisco headquarters is up for auction

Sobering revenue stats of 70K mobile apps show why devs beg for subscriptions

Breaking News

Top Tagged

+ There are no comments

The Secret to These Perfect Garlic Mashed Potatoes Is an Easy Cooking Method You’re Probably Not Using

DJI’s next trick could be a surprise robot vacuum – and no, it sadly won’t fly upstairs