botnet
Coverage of botnet in the Nexus archive.
- NetNut cracked as Google and FBI target 2 million-device botnet
Google, the FBI, and other tech companies have significantly disrupted the NetNut residential proxy network, which had at least 2 million devices in its botnet, primarily small TV-streaming hardware. The operation aims to hinder cybercriminals who use residential proxies to mask malicious activities by making traffic appear legitimate.
- AryStinger botnet infected thousands of D-Link routers worldwide
The AryStinger botnet has infected over 4,000 outdated D-Link routers globally, using them as proxies for malicious traffic. The malware is previously undocumented and targets compromised devices to facilitate cyberattacks.
- Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
Dutch authorities have dismantled a botnet consisting of at least 17 million infected devices, including computers, tablets, smartphones, and IoT devices. The takedown was conducted by the Dutch Politie and the National Cyber Security Center (NCSC).
- Botnet of more than 17 million devices dismantled
Authorities in the Netherlands dismantled a botnet comprising over 17 million devices managed by 200 servers in a joint operation with the police and National Cyber Security Center. The botnet, hosted in the Netherlands, was taken offline after a security researcher reported it and a hosting provider seized servers due to its use for criminal purposes.
- Dutch cops wrest 17M devices from mystery botnet's clutches
Dutch police dismantled a botnet comprising at least 17 million infected devices, seizing servers in the Netherlands after a tip from the NCSC-NL. The botnet, used for phishing, DDoS attacks, and fraud, targeted poorly secured consumer devices like routers and IoT hardware. Authorities also highlighted rising threats from residential proxy networks used for malicious purposes.
- Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
A Brazilian DDoS protection firm, Huge Networks, was found enabling a botnet that launched massive DDoS attacks against Brazilian ISPs. The CEO claims the attacks resulted from a security breach by a competitor aiming to damage the company's reputation.
- New Mirai campaign exploits RCE flaw in EoL D-Link routers
A new Mirai-based malware campaign is exploiting a high-severity command-injection vulnerability (CVE-2025-29635) in D-Link DIR-823X routers to add devices to a botnet. The routers are end-of-life (EoL), making them a target for attackers.
- SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
Threat actors linked to The Gentlemen ransomware-as-a-service (RaaS) operation are deploying SystemBC proxy malware, with a Check Point analysis revealing over 1,570 victims via a compromised C2 server. The discovery highlights a botnet tied to the ransomware campaign.
- The Gentlemen ransomware now uses SystemBC for bot-powered attacks
The Gentlemen ransomware group is now utilizing the SystemBC proxy malware botnet, which includes over 1,570 corporate hosts, following an investigation into a recent ransomware attack by an affiliate of the gang.
- New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
A new variant of Chaos malware is targeting misconfigured cloud deployments, expanding its scope beyond routers and edge devices. Darktrace reported this development in a recent analysis.