The U.S. Department of Justice – in collaboration with law enforcement partners in Germany, the Netherlands, and the United Kingdom – has dismantled the infrastructure of a Russian botnet known as RSOCKS, which is responsible for hacking millions of computers and other electronic devices around the world.
The RSOCKS botnet comprised millions of hacked devices worldwide. It initially targeted Internet of Things (IoT) devices, including industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers, which are connected to and can communicate over the internet and are therefore assigned IP addresses.
The botnet also expanded to compromise additional types of devices, including Android devices and conventional computers.
“Our fight against cybercriminal platforms is a critical component in ensuring cybersecurity and safety in the United States. The actions we are announcing today are a testament to the [Federal Bureau of Investigation’s] ongoing commitment to pursuing foreign threat actors in collaboration with our international and private sector partners,” said FBI Special Agent in Charge Stacey Moy in a statement.
This operation disrupted a highly sophisticated Russia-based cybercrime organization that conducted cyber intrusions in the United States and abroad, he added.
According to an unsealed warrant, FBI investigators used undercover purchases to gain access to the RSOCKS botnet in order to identify its backend infrastructure and its victims. During the investigation, they discovered that in early 2017 approximately 325,000 devices throughout the world were compromised, with many of those devices located in San Diego County, Calif.
“Cyber criminals will not escape justice regardless of where they operate. Working with public and private partners around the globe, we will relentlessly pursue them while using all the tools at our disposal to disrupt their threats and prosecute those responsible,” said U.S. Attorney Randy Grossman.