US says Russian bot network that infected millions of devices around the world has been destroyed

by alex

The Russian bot network that infected millions of devices was destroyed/Channel 24 collage

The U.S. Attorney's Office reported that they had succeeded in destroying an extensive Russian bot network. To create it, attackers hacked into millions of devices around the world for several years.

The international cyber operation became known on June 16. Law enforcement officers from Germany, the Netherlands and Great Britain were also involved in it.

The Russians even hacked Android

We are talking about the infrastructure of the Russian botnet known as RSOCKS. Russian cybercriminals infected various gadgets with their Trojan and then used them for malicious purposes.

“This operation disrupted a highly sophisticated Russian cybercriminal organization that was carrying out cyber incursions in the United States and abroad,” said the representative of the FBI after the lockdown.

The Russians infected millions of devices, including:

  • industrial control systems;
  • watches;
  • routers;
  • audio/video streaming devices;
  • intelligent garage door openers;
  • computers;
  • Android phones and others.

Experts note that the attackers used any electronics with an Internet connection. Since each of these devices has its own IP address, they can be used, for example, to carry out a large-scale cyber attack.

How much did access to the “service” cost

The cost of accessing the pool of compromised devices in RSOCKS varied. It ranged from $30 a day for access to 2,000 proxies to $200 a day for access to 90,000 proxies. Anyone could pay this amount and use the IP addresses for criminal activities.

The US is already looking for Russian cybercriminals

It is not yet known how many of the botnet organizers were detained. However, US Attorney General Randy Grossman said the search for many of them continues.

“Cybercriminals will not run away from justice no matter where they operate. Working with public and private partners around the world, we will constantly pursue them using all the tools at our disposal,” Grossman said.

The publicly available warrant indicates that FBI investigators used secret purchases to gain access to the botnet. An initial clandestine purchase in early 2017 found about 325,000 compromised victim devices worldwide, with numerous devices located in San Diego County.

RSOCKS even infected US government devices

Analyzing the victim devices, investigators determined that the botnet had been created through brute-force attacks. The RSOCKS servers maintained a permanent connection to the compromised devices so that they would always be able to use them.

The agents then continued to check and found that several large public and private organizations were the victims of the botnet. In particular, these were:

  • university;
  • hotel;
  • television studio;
  • electronics manufacturer;
  • households and individuals.

At three affected locations, with consent, investigators replaced the compromised devices with government-controlled computers (i.e., honeypots), and all three were later compromised by RSOCKS. The FBI has located at least six victims in San Diego.

Pay attention! In September 2020, FBI Director Christopher Wray announced the Bureau's new cyber threat strategy. The strategy focuses on increasing the threat to cybercriminals through the FBI's unique powers and world-class capabilities.
