DOJ shuts down RSOCKS botnet used by hackers in malicious campaigns

June 24, 2022

Cybersecurity authorities have taken down the infrastructure used by a Russian botnet, RSOCKS, that compromised millions of internet-connected devices and computers worldwide. The threat actors used the botnet to execute credential-stuffing attacks against hacked devices, a tactic that automatically enters users' login credentials on website login pages.

The DOJ's press release also stated that the threat actors used the seized malicious IP addresses to hide themselves as they accessed hacked social media accounts or spread phishing emails among their targets.

Cybercriminals rented the compromised devices' IP addresses from the RSOCKS botnet at various subscription rates and periods.

Moreover, the RSOCKS botnet offered the infected IP addresses on the surface web (clear web), whereas such botnets are usually sold through the dark web or underground marketplaces. Clients paid $30 for daily access to about 2,000 proxy machines and $200 for daily access to about 90,000 proxies.

Working alongside several law enforcement groups from the UK, Netherlands, and Germany, the DOJ found that the threat actors had also launched brute-force attacks against the hacked devices. Victims include hotel firms, media firms, universities, electronics manufacturers, corporations, and individuals.

The infrastructure of the RSOCKS botnet was seized after an undercover FBI purchase from the website that sold the services identified over 300,000 compromised devices across different countries.

To capture the malicious operations, the authorities began replacing the compromised devices with honeypots, with the victims' consent. The law enforcement groups added that these cyber offenders will always fail to evade justice regardless of location, which is why it has been advantageous for them to work with cybersecurity officers globally to hunt and dismantle cybercriminal operations.

These joint cybersecurity operations have already disrupted several malicious campaigns worldwide, including this highly sophisticated Russia-based RSOCKS botnet responsible for compromising millions of victims.
