FBI Botnet Takedown: 911 S5 With 19 Million Infected Devices
2024-6-14 15:0:3 Author: securityboulevard.com(查看原文) 阅读量:7 收藏

The U.S. Department of Justice (DoJ) recently announced the successful takedown of what is likely the largest botnet ever recorded. This network, known as 911 S5, involved 19 million device botnet disruption across 190 countries and was used by various threat actors for numerous cybercrimes. Let’s have a look at the FBI botnet takedown and as well as how to protect yourself from botnets.

FBI Botnet Takedown – The Arrest and Charges


YunHe Wang, a 35-year-old Chinese national, was arrested in Singapore on May 24, 2024. Wang is accused of creating and administering the illegal platform from 2014 until July 2022. He faces multiple charges, including conspiracy to commit computer fraud, wire fraud, and money laundering. If convicted, he could be sentenced to a maximum of 65 years in prison.


Botnet Attack Examples


The Justice Department revealed that the botnet was used for various
malicious activities such as cyber attacks, financial fraud, identity theft, child exploitation, harassment, bomb threats, and export violations. Security journalist Brian Krebs identified Wang as the operator of 911 S5 in July 2022, leading to the service’s abrupt shutdown on July 28, 2022, due to a data breach. Although it briefly reappeared under the name CloudRouter, it has since ceased operations.


FBI Cyber Security Investigations


Residential proxies (RESIPs) route traffic through legitimate user devices, providing anonymity for malicious activities. According to court documents, Wang allegedly spread the malware through free VPN programs like MaskVPN and DewVPN, and through pay-per-install services bundled with pirated software. Wang managed an extensive infrastructure of 150 servers worldwide, including 76 from U.S.-based service providers. These servers were used to control infected devices and offer access to the compromised IP addresses for a fee.


Financial Impact and Fraud


The
911 S5 botnet allowed criminals to bypass financial fraud detection systems, enabling them to steal billions from financial institutions and federal lending programs, including pandemic relief funds. This service facilitated illegal purchases and export of goods using stolen credit cards. Wang is estimated to have generated $99 million from selling access to these compromised IP addresses. He used the proceeds to buy luxury cars, expensive watches, and 21 properties across the U.S., China, Singapore, Thailand, and the UAE.


Digital Assets and International Cybercrime Prevention


Wang’s digital assets include over a dozen domestic and international bank accounts and more than 24 cryptocurrency wallets, with an estimated value of $136.4 million, as revealed by blockchain analytics firm Chainalysis. The
FBI botnet takedown was a collaborative effort between the U.S., Singapore, Thailand, and Germany, resulting in the disruption of 23 domains and over 70 servers critical to the 911 S5 network. Approximately $30 million worth of assets were seized.


Sanctions and Conclusion


In addition to Wang’s indictment, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Wang, his co-conspirator Jingping Liu, and power of attorney Yanni Zheng. The sanctions also targeted three Thailand-based entities owned or controlled by Wang, which were used to purchase real estate.

Matthew S. Axelrod of the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) highlighted the extensive efforts required to dismantle such a large-scale cyber attack. He noted that while the narrative resembles a Hollywood screenplay, it underscores the meticulous botnet infection prevention done by international law enforcement and industry partners in taking down the botnet and making the arrest.

This significant operation of FBI botnet takedown marks a critical victory in the fight against cybercrime, dismantling botnet infrastructure, showcasing the importance of global cooperation in addressing the threats posed by large-scale botnets. Implement robust cybersecurity and stay protected.

The sources for this piece include articles in The Hacker News and SC Media.

The post FBI Botnet Takedown: 911 S5 With 19 Million Infected Devices appeared first on TuxCare.

*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Wajahat Raja. Read the original post at: https://tuxcare.com/blog/fbi-botnet-takedown-911-s5-with-19-million-infected-devices/


文章来源: https://securityboulevard.com/2024/06/fbi-botnet-takedown-911-s5-with-19-million-infected-devices/
如有侵权请联系:admin#unsafe.sh