Law enforcement shuts down botnet made of tens of thousands of hacked routers

A global coalition of law enforcement agencies successfully dismantled SocksEscort, a botnet composed of tens of thousands of hacked home and small business routers. The operation, announced by the U.S. Department of Justice and Europol, targeted a network that had compromised over 369,000 routers and IoT devices across 163 countries. SocksEscort was used to facilitate a range of criminal activities, including hacking into victims’ bank and cryptocurrency accounts, filing fraudulent unemployment insurance claims, launching ransomware attacks, and conducting distributed denial of service (DDoS) attacks. The botnet’s operations reportedly caused millions of dollars in losses to Americans. SocksEscort operated by infecting routers with malware called AVRecon, allowing criminals to mask their IP addresses and engage in illicit activities without the knowledge of the device owners. The botnet was marketed exclusively to criminals, with over half of its victims located in the United States and the United Kingdom, enabling highly targeted attacks. Since January, the botnet had grown to approximately