RSOCKS Russian Botnet Is No More as a Result of a Joint Operation
According to the June 16 report by the US Department of Justice, the activity of a Russian botnet RSOCKS has been stopped in a joint operation by the US, German, Dutch, and British law enforcement agencies.
RSOCKS is responsible for hacking millions of network-connected devices. Initially, the botnet targeted IoT devices. The latter group includes industrial control systems, which makes the threats like the one in question highly important. The group, however, infected the Android devices and regular PCs too.
Law enforcement was long aware of RSOCKS activity. The Russian botnet got in the spotlight of police attention back in 2017 when over 300 000 devices in the San Diego district were hacked.
The malefactors monetized their hackings through a website where visitors could rent the segment of the botnet for different periods: days, weeks, months. The price varied from $30 per day (for 2000 proxies) to $200 per day (for 90000 hacked IPs.) Clients then could use bots for whatever they could be used: DDoS attacks, traffic routing, fake commentaries, etc.
The operation involved the undercover purchase of proxies with subsequent reverse inquiry into the Russian botnet back end and its victims. Eventually, the authorities managed to dismantle the infrastructure of the botnet. The Department appreciated the contribution of the foreign colleague agencies and the Black Echo private sector cybersecurity group.
The current operation is a part of a war on cybercrime consistently conducted by the US and Interpol, obviously concentrated around Russia-originating threats.