The Federal Bureau of Investigation (FBI), Defense Criminal Investigative Services (DCIS), and Department of Commerce (DOC) are publishing this announcement to notify the public of the dismantlement of the 911 S5 residential proxy service and to help individuals and businesses better understand and guard against 911 S5 proxy service and botnet.
911 S5 began operating in May 2014 and was taken offline by the administrator in July 2022 before rebranding as Cloudrouter in October 2023. 911 S5 was one of the largest residential proxy services and botnet with over 19 million compromised IP addresses in over 190 countries and confirmed victim losses in the billions of dollars.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Governments on high alert after CISA snuffs out Firestarter backdoor on fed network
April 24, 2026
A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and their UK counterparts – neither of which disclosed the agency’s name. Federal Civilian Executive Branch (FCEB) agencies include NASA; Homeland Security itself (cyberworkers at CISA are part of an operational unit in Homeland Security); the FBI; the DoJ; the IRS; the ...
- When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks
April 22, 2026
Enterprises have long trusted Wi-Fi encryption and client isolation to secure their wireless infrastructure. However, Palo Alto conducted research presented at the NDSS Symposium 2026 that reveals that these safeguards can be breached by a novel set of attack techniques that they call AirSnitch. These techniques exploit subtle security issues in protocol-infrastructure interactions to undermine the ...
- Iran claims US used backdoors to knock out networking equipment during war
April 21, 2026
Iranian media is claiming that the US used backdoors and/or botnets to disable networking equipment during the current war, and Chinese state media is dining out on the allegations. Reports from Iran claim hardware made by Cisco, Juniper, Fortinet, and MikroTik either rebooted or disconnected during recent attacks on Iran – despite the regime disconnecting the ...
- Cisco tells Webex users to patch critical security flaws immediately
April 17, 2026
Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop. Webex Services is a platform for communication and collaboration, letting people hold video meetings, ...
- Russian hacking group targets home and small office routers to spy on users
April 8, 2026
British security officials found that a group linked to the Russian military is spying on users of compromised Small Office/Home Office (SOHO) routers in a broad cyber espionage campaign. A Microsoft blog goes into the technical details of these attacks. The group, which researchers will refer to as APT28, but is also known under names like ...
- Fortinet patches FortiGate Firewall vulnerabilities that allowed hackers to steal enterprise credentials
March 16, 2026
At the start of the year, cybercriminals were exploiting three vulnerabilities in FortiGate Next-Generation Firewalls (NGFW) to establish persistence and move laterally throughout the network. All recorded attacks were stopped before they could do any meaningful harm, and FortiGate has since issued patches to mitigate the risk. Between December 2025 and February 2026, security researchers SentinelOne ...