Law enforcement shuts down botnet made of tens of thousands of hacked routers

A global coalition of law enforcement shut down the SocksEscort botnet, which consisted of tens of thousands of hacked routers, facilitating various crimes including bank fraud and ransomware. The operation revealed that 369,000 devices in 163 countries were compromised, costing millions to victims. This botnet, active since 2009, was marked as a significant threat targeting small business and home office routers.

Key Points

• Law enforcement agencies collaborated to dismantle the SocksEscort botnet.
• The botnet comprised over 369,000 compromised routers and IoT devices globally.
• Crimes associated with this botnet included bank theft, ransomware, DDoS attacks, and child exploitation.
• SocksEscort marketed illicit proxy services to criminals, allowing them to hide their real IP addresses.
• Black Lotus Labs reported that SocksEscort was one of the largest botnets targeting SOHO routers.

Relevance

• This incident highlights the growing threat of IoT devices being exploited in cybercrimes, a relevant concern as more devices connect to the internet.
• The rise in ransomware and DDoS attacks aligns with trends in 2025 where such threats continue to evolve with advanced techniques.
• The operation reflects historical efforts by international agencies to combat cybercrime, reminiscent of similar takedown operations in the past.

The shutdown of the SocksEscort botnet underscores an urgent need for improved security measures in IoT devices, as cyber threats continue to evolve and pose significant risks to individuals and businesses.