US Captures IPStorm Botnet, Russia-Moldova Mastermind Pleads Guilty

Nov 15, 2023 | Newsroom | Cyber Crime / Network Security


The US government on Tuesday announced the takedown of the IPStorm botnet proxy network and its infrastructure, as the Russian and Moldovan national behind the operation pleaded guilty.

“The botnet infrastructure infected Windows systems then further expanded to affect Linux, Mac, and Android devices, victimizing computers and other electronic devices around the world, including in Asia, Europe, North America and South America,” the Department of Justice (DoJ) said in a press statement.

Sergei Makinin, who developed and deployed malicious software to infiltrate thousands of internet-connected devices from June 2019 to December 2022, faces a maximum of 30 years in prison.

Before it was dismantled, the Golang-based botnet malware turned infected devices into proxies as part of a for-profit scheme, and access to those proxies was then offered to other customers via proxx(.)io and proxy(.)net.


“IPStorm is a botnet that abuses a legitimate peer-to-peer (p2p) network called the InterPlanetary File System (IPFS) as a means of hiding malicious traffic,” cybersecurity firm Intezer said in October 2020.

The botnet was first documented by Anomali in May 2019 and, over the years, expanded its focus to other operating systems such as Linux, macOS, and Android.

Threat actors who wanted to hide their malicious activities could buy illegitimate access to more than 23,000 bots for “hundreds of dollars a month” to route their traffic through. Makinin is estimated to have earned at least $550,000 from the scheme.

Pursuant to the plea agreement, Makinin is expected to forfeit the cryptocurrency wallets involved in the offense.


“The Interplanetary Storm botnet is complex and used to power various cybercriminal activities by using it as a proxy-as-a-service system for infected IoT devices,” Alexandru Catalin Cosoi, senior director of Bitdefender’s investigation and forensics unit, said in a statement shared by Hacker News.

“Our initial research in 2020 discovered valuable clues to the culprit behind its operation, and we are very happy that it helped in the arrest. This investigation is another prime example of law enforcement and the private cybersecurity sector working together to shut down illegal online activities and bring those responsible to justice.”
