Botnet of 17 Million Devices Dismantled in the Netherlands

Dutch authorities seized 200 servers running a 17-million-device botnet linked to proxy service Asocks.

Dutch authorities have taken offline a massive botnet of at least 17 million devices and seized more than 200 servers at a local provider that supported the operation. Infected devices included computers, tablets, and smartphones.

The action followed an investigation by the police in collaboration with the country’s cybersecurity agency, the National Cyber Security Centre (NCSC).

“The network was discovered following a report from a security researcher to the NCSC. The NCSC subsequently informed the police. Together, they took up the report and conducted an investigation,” reads the press release published by the NCSC. “The investigation revealed that the botnet consisted of at least 17 million infected devices and that the 200 servers used to host the infrastructure were located in the Netherlands.”

A security researcher uncovered the botnet and reported it to the Dutch NCSC, which worked with police to investigate. Police seized several servers for forensic analysis, while the hosting provider shut down the infrastructure after confirming it was being used for criminal operations.

According to the Netherland Times, the botnet is linked to ASOCKS, a residential proxy seller that provides services designed to hide users’ identities and locations online. These services can be abused for cybercrime, including DDoS attacks, phishing campaigns, botnet operations, and web scraping. Dutch authorities warned that residential proxies make malicious traffic appear legitimate, complicating detection and mitigation efforts because attacks can seem to originate from normal local internet users.

“The Asocks network operated as a ‘residential proxy service,’ in which cybercriminals covertly infected poorly protected consumer devices with malware,” reports NLTimes. “These compromised devices were then used to route internet traffic and launch large-scale cyberattacks, all without the knowledge of their rightful owners.”

In 2024, security firm HUMAN Security linked the Proxylib botnet to ASOCKS after finding infected devices routing traffic through ASOCKS infrastructure. Researchers discovered 28 Android apps on Google Play that secretly enrolled up to 190,000 devices into the proxy network without users’ knowledge or consent.

Devices can become part of a botnet after attackers exploit vulnerabilities or weak security to install malware and take remote control. To reduce the risk, users should keep systems and apps updated, use strong passwords and two-factor authentication, secure Wi-Fi networks, avoid suspicious downloads or links, install software only from trusted sources, and regularly monitor connected devices with security tools.

Pierluigi Paganini

(SecurityAffairs – hacking, botnet)