FBI takes down IPStorm malware botnet

Owner of IPStorm malware botnet arrested

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

IPStorm, a powerful botnet proxy network used to facilitate cybercriminal activity, has been shut down by the FBI.

The news wasconfirmedvia a press release from the U.S. Attorney’s Office, District of Puerto Rico, which outlined how, between 2019 and 2022, Russian and Moldovan national Sergei Makinin builtmalwarethat compromised thousands of Windows, Linux, Mac, and Android devices scattered all over the world.

The malware gave Makinin control over the devices, which he used as proxies for internet traffic. He then sold this traffic as a service to whoever was looking to stay anonymous online.

Reader Offer: $50 Amazon gift card with demoPerimeter 81’s Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?)

Uninstalling malware

The Recordreported that by 2020, the botnet was counting more than 13,500 devices. Makinin’s website was advertising more than 23,000 “highly anonymous” proxies from all over the world, and while law enforcement agents speculated he could charge “hundreds” of dollars per user, the hacker himself confirmed amassing at least $550,000 from the scheme. All of the crypto wallets associated with the scheme will be handed over to the authorities, it was confirmed.

While the infrastructure supporting the botnet was dismantled, the malware was not removed from infected endpoints (something the FBI could have done on its end, and has done it before). As for Makinin himself, the hacker pleaded guilty to three separate charges and is looking at a maximum sentence of 10 years for each count.

Lately, the FBI has been hard at work, taking down malicious botnets. In late August this year, the law enforcement agency announced the dismantling of Qakbot, one of the biggest and most disruptive botnet malicious networks to exist. In a video announcement posted by the FBI, FBI Director Christopher Wray said the botnet was used by countless cybercriminals, including ransomware operators, to target organizations from all verticals, and of all shapes and sizes, across the United States.

“The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast,” Wray said in the video. “This botnet provided cybercriminals like these with a command-and-control infrastructure consisting of hundreds of thousands of computers used to carry out attacks against individuals and businesses all around the globe.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

In this case, the FBI infiltrated the botnet and sent an instruction to all compromised endpoints to uninstall the malware.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Owl Labs Meeting Owl 4+ review