The US Department of Justice (DoJ) has dismantled the infrastructure of what it described as a Russian botnet consisting of millions of hacked Internet of Things (IoT) devices.
According to the DoJ, RSOCKS was operating as a proxy service, but instead of offering customers IP addresses legitimately leased from internet service providers (ISPs), the firm was offering IP addresses that had been assigned to hacked devices.
The DoJ said that together with law enforcement partners in Germany, the Netherlands and the UK it has “dismantled” the infrastructure of RSOCKS “which hacked millions of computers and other electronic devices around the world”.
The service was available for cybercriminals to use to conceal the source of their activity, which included credential attacks on login web pages.
“It is believed that the users of this type of proxy service were conducting large scale attacks against authentication services, also known as credential stuffing, and anonymizing themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages,” the DOJ said.
RSOCKS’s website advertising its services and prices has now been replaced with a message that it has been seized by the FBI, but previously customers could buy access to a pool of RSOCKS proxies from