June 17, 2022 (updated 20 Jun 2022 9:58am)

Russian botnet that compromised millions of devices dismantled by FBI

The network had compromised IoT devices, mobile phones and PCs, allowing criminals to launch attacks.

By Matthew Gooding

A Russian botnet which hacked millions of connected devices around the world has been dismantled in an international sting led by the US with the support of the UK.

The FBI has taken down a major Russian botnet (pic: South_agency/istock)

Agents from the FBI, working with counterparts in the UK, Germany and the Netherlands, have taken down the infrastructure behind RSOCKS in an operation in which undercover agents purchased access to the botnet to identify its backend infrastructure and victims. The operation was revealed in unsealed court documents published in the Southern District of California yesterday.

“The RSOCKS botnet compromised millions of devices throughout the world,” said US Attorney Randy Grossman. “Cyber criminals will not escape justice regardless of where they operate. Working with public and private partners around the globe, we will relentlessly pursue them while using all the tools at our disposal to disrupt their threats and prosecute those responsible.” 

How did the RSOCKS botnet work?

RSOCKS hacked into millions of devices, and offered cybercriminals the chance to purchase access to the IP addresses of the compromised systems. The Russian gang behind the botnet provided an online ‘storefront’ where other criminals could pay for access on a daily basis.

The US Department of Justice says hackers could then route malicious internet traffic through the compromised victim devices to mask or hide the true source of the traffic. “It is believed that the users of this type of proxy service were conducting large scale attacks against authentication services, also known as credential stuffing, and anonymizing themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages,” a DoJ statement said.
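The DoJ's description points to the defender's problem with a proxy botnet: each credential-stuffing attempt arrives from a different victim IP, so a per-address rate limit never fires. The added example below (not from the article or any RSOCKS material; the log line format and thresholds are assumptions) summarises failed logins in a window and flags the pattern of many failures spread thinly across many source addresses, alongside a single-source case that a per-IP limit would have caught.

```python
import re
from collections import Counter

# Constructed sample auth log (not from the article); the line format is an assumption.
DISTRIBUTED_LOG = """\
2022-06-17T10:00:01Z login FAIL user=alice src=203.0.113.5
2022-06-17T10:00:02Z login FAIL user=bob src=198.51.100.7
2022-06-17T10:00:02Z login FAIL user=carol src=192.0.2.44
2022-06-17T10:00:03Z login OK user=dave src=192.0.2.10
2022-06-17T10:00:03Z login FAIL user=erin src=203.0.113.9
2022-06-17T10:00:04Z login FAIL user=frank src=198.51.100.22
2022-06-17T10:00:04Z login FAIL user=grace src=192.0.2.77
2022-06-17T10:00:05Z login FAIL user=alice src=198.51.100.7
2022-06-17T10:00:05Z login OK user=carol src=192.0.2.44
"""
# Same failure count from a single address: a plain per-IP limit catches this one.
SINGLE_SOURCE_LOG = "\n".join(
    f"2022-06-17T11:00:0{i}Z login FAIL user=user{i} src=203.0.113.50" for i in range(7)
)

LINE_RE = re.compile(r"login (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)")


def failed_logins(log_text):
    """Yield (user, src) for each failed login; lines that do not parse are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("result") == "FAIL":
            yield m.group("user"), m.group("src")


def analyse(log_text, min_failures=5, min_sources=4, max_per_source=3):
    """Summarise failures in a window and flag the proxy-botnet pattern: many failed
    logins across many source IPs, none of which trips a per-IP threshold on its own."""
    per_src, users = Counter(), set()
    for user, src in failed_logins(log_text):
        per_src[src] += 1
        users.add(user)
    total = sum(per_src.values())
    peak = max(per_src.values(), default=0)
    flagged = total >= min_failures and len(per_src) >= min_sources and peak <= max_per_source
    return {"failures": total, "sources": len(per_src), "users": len(users),
            "peak_per_source": peak, "distributed_stuffing": flagged}


if __name__ == "__main__":
    for name, log in (("distributed", DISTRIBUTED_LOG), ("single-source", SINGLE_SOURCE_LOG)):
        print(name, analyse(log))
```

In practice the window would be a sliding time interval fed from the real authentication log, and the thresholds tuned to the service's normal failure rate.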

Who were the victims of the RSOCKS botnet?

The DoJ says RSOCKS initially targeted Internet of Things devices including industrial control systems, time clocks, routers, audio and video streaming devices, as well as consumer devices such as smart garage door openers. The botnet expanded into compromising additional types of devices, including Android devices and PCs.

Victims identified by investigators span major public and private sector organisations around the world, including a university, a hotel, a television studio and an electronics manufacturer, as well as home businesses and individuals.


RSOCKS botnet take-down reflects FBI’s aggressive new stance

RSOCKS is the second Russian botnet the FBI has dismantled recently. In April, Tech Monitor reported how the agency had foiled another botnet, known as Cyclops Blink, which was run by a group of hackers thought to be linked to Russia’s security force, the GRU.

Speaking to Tech Monitor in April, Greg Austin, programme head of cyber, space and future conflict at the International Institute for Strategic Studies, said such operations suggest the FBI has been granted new authority to tackle cybersecurity threats aggressively, particularly since Russia’s invasion of Ukraine.

“It certainly looks like it’s breaking new ground for the FBI,” Austin said. “It’s likely they’ve been given an authority and clear approval to do this.” He added: “We can expect that the US is acting unilaterally in cyberspace at a much more robust level against Russia than before [the war started].”
