Dutch authorities have taken down a massive botnet that controlled over 17 million infected devices. This operation is one of the biggest disruptions to cybercrime in recent years.
The Dutch National Police and the National Cyber Security Centre (NCSC) led the effort. Investigators found about 200 servers managing the network, all operating from facilities in the Netherlands.
How the Botnet Was Discovered
The investigation began when a cybersecurity researcher told the NCSC about strange activity linked to a large proxy network. Authorities tracked down the infrastructure and started a joint investigation with other law enforcement agencies.
We're a new kind of news feed.
Regular news is designed to drain you. We're a non-profit built to restore you. Every story we publish is scored for impact, progress, and hope.
Start Your News DetoxThe botnet controlled at least 17 million compromised devices. These included computers, smartphones, tablets, routers, and smart home products connected to the internet.
Police seized several servers linked to the network. Hosting providers also shut down parts of the infrastructure after authorities confirmed it was supporting criminal activity.
Cybercriminals used the botnet for attacks and to hide their online operations. Dutch authorities said the network helped with phishing scams, sending out spam, and launching distributed denial-of-service (DDoS) attacks against online services.
The Dutch newspaper NL Times connected the network to ASOCKS, a residential proxy provider based in Russia. Residential proxy services send internet traffic through other people's consumer devices. Users often use these services to hide their location or identity online.
The Dangers of Residential Proxies
Cybersecurity experts are increasingly worried about how residential proxy networks are misused. These systems can mix bad traffic with normal internet activity, making attacks much harder to spot.
The NCSC warned that cybercriminals use residential proxies to get around geographic restrictions and stay anonymous online. The agency noted these services can also make malicious traffic look like regular local internet activity.
"Dutch organizations can be attacked with Dutch proxies that resemble regular traffic," the agency said. This makes it harder for security teams to detect and stop cybercrime.
Law enforcement agencies worldwide are concerned about proxy services linked to botnets. Criminal groups often use them to run phishing networks, gather data from websites, and manage the command centers for cyberattacks.
Protecting Your Devices
Authorities are urging people and businesses to improve their device security. More internet-connected devices are appearing in homes and workplaces, and insecure devices are easy targets for malware and remote takeovers.
The NCSC explained that poorly secured devices often become entry points for malicious software. Once attackers get in, they can control infected hardware without the owners even knowing.
Officials recommend installing software updates quickly and changing default passwords on routers and smart devices. They also suggest enabling two-factor authentication and regularly checking devices connected to home networks.
This takedown highlights growing concerns about insecure Internet of Things (IoT) devices. Millions of smart gadgets are now connected to global networks with limited built-in protections, creating new chances for cybercriminals.
Cybersecurity agencies have repeatedly warned that devices without security updates can quickly become part of large botnets. These botnets can disrupt online services worldwide. Dutch authorities have not yet identified suspects, and the investigation is still ongoing.
