Dutch Authorities Shut Down Massive Botnet Tied to 17 Million Infected Devices
Dutch authorities have dismantled a major botnet operation that had infected at least 17 million devices worldwide, including computers, smartphones, tablets, and Internet of Things (IoT) devices. The network was allegedly used to facilitate cybercriminal activities and malicious attacks.
According to the Dutch Police and the National Cyber Security Center (NCSC), more than 200 servers located in the Netherlands served as the botnet’s backend infrastructure. Authorities seized several of these servers from a hosting provider that had supplied the infrastructure. Following the discovery of criminal activity, the provider reportedly took the entire network offline.
While officials did not publicly identify the botnet, Dutch media outlet NL Times reported that it was linked to Asocks, a company known for offering residential proxy services. Residential proxies route internet traffic through real user devices, making online activity appear legitimate.
The operation is believed to be connected to earlier findings by cybersecurity researchers, who uncovered a campaign known as PROXYLIB in 2024. The campaign involved infecting Android devices with proxyware associated with both Asocks and LumiApps, turning compromised devices into part of a large proxy network.
Asocks advertised corporate, residential, and mobile proxy services through subscription plans ranging from $5 to $15 per month, with discounts available for bulk purchases.
Although residential proxies can serve legitimate purposes, such as accessing region-restricted content and enhancing privacy, they are frequently abused by cybercriminals. Malicious actors can purchase access to networks of compromised devices and use them to disguise attacks, distribute malware, conduct fraud, or bypass security controls.
The NCSC warned that devices can become part of a botnet when attackers gain unauthorized access and install malware that enables remote control. Once compromised, these devices can be used collectively to support a wide range of cybercriminal operations without the owners’ knowledge.
To reduce the risk of infection, cybersecurity experts recommend keeping operating systems updated, monitoring internet-connected devices such as routers, using strong and unique passwords, enabling two-factor authentication, downloading applications only from trusted sources, replacing default device credentials, and securing Wi-Fi networks with WPA2 or WPA3 encryption.