
"SocksEscort maintained an average size of approximately 20,000 distinct victims weekly, with communications routed through an average of 15 command-and-control nodes. Authorities estimate that SocksEscort customers paid a total of more than $5.7 million for the proxy service, and US Justice Department data indicates many users profited substantially from it, with some defrauding victims of hundreds of thousands or even $1 million in individual schemes."
"According to Europol and the US Justice Department, SocksEscort has been powered by compromised routers and other IoT devices, with roughly 363,000 IP addresses from 163 countries linked to the cybercrime service since 2020. In February 2026, just before the takedown operation was initiated, SocksEscort was supported by approximately 8,000 hacked routers, including 2,500 in the US."
"Law enforcement agencies successfully took down and seized 34 domains as well as 23 servers located in seven countries. In addition, the United States froze a total of USD 3.5 million in cryptocurrency. The infected modems used to offer the proxy service have been disconnected from the service."
SocksEscort was a malicious proxy service that let users hide their identities and bypass security systems for criminal activities including DDoS attacks, ransomware, and distribution of child abuse material. The service was powered by compromised routers and IoT devices, and roughly 363,000 IP addresses from 163 countries have been linked to it since 2020. By February 2026, roughly 8,000 hacked routers supported the operation, 2,500 of them in the US. The service averaged approximately 20,000 distinct victims weekly, with communications routed through an average of 15 command-and-control nodes. Customers paid over $5.7 million for access, with some users making hundreds of thousands or millions of dollars from their schemes. Law enforcement seized 34 domains and 23 servers across seven countries, and froze $3.5 million in cryptocurrency. The FBI identified AVrecon malware as the tool exploiting router and IoT device vulnerabilities.
#cybercrime-disruption #proxy-service-takedown #iot-device-compromise #botnet-malware #law-enforcement-operation
Read at SecurityWeek