
US announces botnet removal and hacker confession

 

The United States government announced on Tuesday the 14th the takedown of the IPStorm botnet and the guilty plea of a man who created and operated the cybercrime service. According to the Department of Justice, the FBI dismantled the infrastructure associated with IPStorm, as well as the proxy network powered by the botnet.

The malware was spread to thousands of Windows, Linux, Mac and Android devices around the world, allowing cybercriminals to use the compromised devices for a proxy service. The proxy service, advertised on proxx.io and proxx.net, could be used by cybercriminals to hide their malicious online activities, with some “clients” paying hundreds of dollars every month to route their traffic through IPStorm-infected devices. Websites advertising the service claimed it was powered by 23,000 proxies.

Sergei Makinin, a Russian and Moldovan national, admitted to creating and operating the botnet between June 2019 and December 2022, pleading guilty in September to three counts of transmitting a program that intentionally caused damage to protected computers. He faces up to ten years in prison for each charge and has agreed to pay back the amount of cryptocurrency he earned as a result of his illegal activities. Makinin told investigators he made at least $550,000 from the scheme.

It appears that the FBI took down the botnet’s infrastructure, but did not attempt to identify affected users or clean compromised devices, as it has done in the past. IPStorm caught the attention of the cybersecurity community in 2019 because it took advantage of the InterPlanetary File System (IPFS) peer-to-peer network, which could make it difficult to detect malicious traffic and disrupt the botnet.

 


See the original post at: CisoAdvisor
