The FBI has successfully dismantled the notorious IPStorm botnet and apprehended its operator. The operation took place back in September, with the key operator, Sergei Makinin, detained around this time.
FBI Dismantles IPStorm Botnet
The Federal Bureau of Investigation has successfully suspended the activity of the notorious IPStorm botnet. As a result, they have ended the widespread threat it posed to thousands of infected devices globally. The operator behind this nefarious network, Sergei Makinin, is a Russian and Moldovan national who has been arrested. He later confessed to accumulating over half a million dollars by selling access to compromised devices.
Initiated by Makinin in 2019, the IPStorm botnet boasted a formidable network of over 20,000 infected computers during its lifetime. This illegal infrastructure allowed threat actors to clandestinely route traffic through compromised devices. IPStorm runs on Windows, Linux, Mac, and Android operating systems, effectively evading detection by security measures.
IPStorm Botnet Timeline
As I said above, from June 2019 to December 2022, Makinin developed the IPStorm malware. This malware was designed to spread across devices globally and establish control over the infected electronics, effectively knitting them into a cohesive botnet. The primary objective of this botnet was to convert compromised devices into proxies. It appears that he succeeded in his objective. Makinin facilitated access to these proxies through dedicated websites, proxx.io, and proxx.net, creating a lucrative marketplace for cybercriminals seeking covert and untraceable communication channels.
The DoJ elucidated that Makinin offered access to more than 23,000 infected devices, referred to as proxies, charging substantial amounts, often hundreds of dollars per month, for the privilege. The illicit venture proved highly profitable for the operator, with Makinin admitting to amassing at least $550,000 in revenue from renting out the IPStorm botnet. This revelation underscores the financial motivation behind creating and maintaining such sophisticated cyber threats. In a significant development related to the case, Makinin pleaded guilty to seizing control of thousands of electronic devices worldwide and profiting by selling unauthorized access to these compromised systems, according to the US Department of Justice (DoJ).
Legal Actions and Continuing Threats
Although the IPStorm botnet has been taken down, it’s worth noting that the legal efforts didn’t cover the IPStorm malware that still exists on infected devices. Consequently, the malware still threatens compromised systems even though the botnet is now incapacitated. Contrary to one of the previous successful FBI operations against botnets, namely QakBot, they did not command the malware to delete itself from devices.
Either way, the recent target picking strategy of the FBI is obvious. It may sometimes be particularly difficult to behead relatively small and scattered ransomware groups. Meanwhile, humongous botnets that serve ransomware actors and hackers of many other direction are a much easier yet still effective target.