There is a big incentive for both espionage motivated actors and financially motivated actors to set up proxy botnets. These can serve as an anonymization layer, which can provide plausibly geolocated IP addresses to scrape contents of websites, access stolen or compromised online assets, and launch cyber-attacks.
Examples of proxy botnets set up by advanced persistent threat (APT) actors are the VPNFilter botnet and Cyclops Blink, both deployed by Sandworm and disrupted by the Federal Bureau of Investigation (FBI) in 2018 and 2022, respectively. Another example is the SOHO botnet alleged to be operated by a Chinese company called the Beijing Integrity Technology Group; this botnet was disrupted in September 2024 by the FBI.
Read more…
Source: Trend Micro
Related:
- The Golden Scale: Bling Libra and the Evolving Extortion Economy
October 10, 2025
In recent months, threat actors claiming to be part of a new conglomerate dubbed Scattered Lapsus$ Hunters (aka SP1D3R HUNTERS, SLSH) have asserted responsibility for laying siege to customer Salesforce tenants as part of a coordinated effort to steal data and hold it for ransom. At least one industry source refers to this criminal syndicate as ...
- SonicWall confirms all of its cloud backup customers were affected by data breach
October 10, 2025
All companies using SonicWall’s MySonicWall cloud backup feature have had their firewall configuration files exposed in a recent cyberattack, the company has admitted. After initially claiming “fewer than 5%” of its customer base was affected, the company has revealed the true scale of the incident. In mid-September 2025, SonicWall warned its firewall customers to reset their ...
- Identifying and Mitigating Potential Velociraptor Abuse
October 9, 2025
Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams ...
- RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits
October 9, 2025
The Trend Zero Day Initiative (ZDI) Threat Hunting and Trend Research teams have identified a significant RondoDox botnet campaign that targets a wide range of internet-exposed infrastructure. This campaign consists of over 50 exploits, including unpatched router flaws across over 30 vendors, targeting vulnerabilities found in routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV ...
- Inside Russian Market: Uncovering the Botnet Empire
October 9, 2025
The online cybercrime marketplace, Russian Market, has evolved from selling Remote Desktop Protocol (RDP) access to becoming one of the most active underground hubs for information-stealing malware logs, where stolen user credentials are traded daily. Each compromised login represents a potential gateway into corporate systems, enabling threat actors to launch credential-based attacks that put businesses, governments, ...
- Weaponized AI Assistants & Credential Thieves
October 9, 2025
Just weeks after the s1ngularity attack weaponized AI assistants, the NPM ecosystem was rocked by a far more dangerous threat: a self-propagating worm named Shai-Hulud. In a sobering demonstration of this rapid escalation in attack techniques, the worm has compromised over 187 packages, including several developer-facing tools published by cybersecurity firm CrowdStrike. These two distinct events ...