The U.S. Treasury Department has sanctioned a cybercrime network comprising three Chinese nationals and three Thailand-based companies linked to a massive botnet controlling a residential proxy service known as “911 S5.”
Researchers at the Canadian University of Sherbrooke revealed almost two years ago, in June 2022, that this illegitimate residential proxy service lured potential victims by offering free VPN services in order to install malware designed to add their IP addresses to the 911 S5 botnet.
At the time, the botnet controlled approximately 120,000 residential proxy nodes from all over the world, all of which communicated with multiple command-and-control servers located offshore or hosted within a cloud server.
One month later, investigative journalist Brian Krebs reported that 911 S5 “imploded” after key components of its business operations were destroyed in a security breach. The proxy botnet was resurrected months later as “CloudRouter,” according to a February report from cybersecurity company Spur Intelligence.
“The 911 S5 botnet was a malicious service that compromised victim computers and allowed cybercriminals to proxy their internet connections through these compromised computers,” said the Office of Foreign Assets Control (OFAC) on Tuesday.
“Once a cybercriminal had disguised their digital tracks through the 911 S5 botnet, their cybercrimes appeared to trace back to the victim’s computer instead of their own.”
OFAC…