There is a big incentive for both espionage motivated actors and financially motivated actors to set up proxy botnets. These can serve as an anonymization layer, which can provide plausibly geolocated IP addresses to scrape contents of websites, access stolen or compromised online assets, and launch cyber-attacks.
Examples of proxy botnets set up by advanced persistent threat (APT) actors are the VPNFilter botnet and Cyclops Blink, both deployed by Sandworm and disrupted by the Federal Bureau of Investigation (FBI) in 2018 and 2022, respectively. Another example is the SOHO botnet alleged to be operated by a Chinese company called the Beijing Integrity Technology Group; this botnet was disrupted in September 2024 by the FBI.
Read more…
Source: Trend Micro
Related:
- CVE-2026-21858: Maximum-severity n8n flaw lets randos run your automation server
January 8, 2026
A maximum-severity bug in the popular automation platform n8n has left an estimated 100,000 servers wide open to complete takeover, courtesy of a flaw so bad it doesn’t even require logging in. The vulnerability, uncovered by researchers at security outfit Cyera, carries a CVSS score of 10.0 and has been dubbed “ni8mare” for good reason. Tracked ...
- North Korean Kimsuky Actors Leverage Malicious QR Codes in Spearphishing Campaigns Targeting U.S. Entities
January 8, 2026
The Federal Bureau of Investigation (FBI) is releasing this FLASH to alert NGOs, think tanks, academia, and other foreign policy experts with a nexus to North Korea of evolving tactics employed by the North Korean state-sponsored cyber threat group Kimsuky and to provide mitigation recommendations. As of 2025, Kimsuky actors have targeted think tanks, academic institutions, ...
- Patch Cisco ISE bug now before attackers abuse proof-of-concept exploit
January 8, 2026
Cisco patched a bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products that allows remote attackers with admin-level privileges to access sensitive information – and warned that a public, proof-of-concept exploit for the flaw exists online. ISE is Cisco’s network access control and security policy platform, and companies use it to ...
- CISA warns of active attacks on HPE OneView and legacy PowerPoint
January 8, 2026
The US Cybersecurity and Infrastructure Security Agency (CISA) added both a newly discovered flaw and a much older one to its catalog of Known Exploited Vulnerabilities (KEV). The KEV catalog gives Federal Civilian Executive Branch (FCEB) agencies a list of vulnerabilities that are known to be exploited in the wild, along with deadlines for when they ...
- Illinois health department exposed over 700,000 residents’ personal data for years
January 8, 2026
The health department for the U.S. state of Illinois has confirmed that a years-long security lapse exposed the personal information of more than 700,000 state residents. The Illinois Department of Human Services (IDHS) said in a statement on January 2 that an internal mapping website containing residents’ personal information, which officials used for assisting with the ...
- Fake WinRAR downloads hide malware behind a real installer
January 8, 2026
A member of Malwarebytes Labs web research team pointed the author to a fake WinRAR installer that was linked from various Chinese websites. When these links start to show up, that’s usually a good indicator of a new campaign. So, the author downloaded the file and started an analysis, which turned out to be something of ...