Massive 17-Million Device Botnet Dismantled

Summary
– Dutch authorities dismantled a botnet of over 17 million devices controlled by 200 servers, following a security researcher’s report.
– The botnet’s host infrastructure was in the Netherlands, and police seized servers from a hosting provider after an investigation.
– The provider took the botnet offline because it was used for criminal purposes.
– The botnet was linked to ASOCKS, a Russia-based company providing residential proxy services for illicit activities like DDoS attacks and phishing.
– Residential proxies allow users to anonymize traffic through third-party devices, making it harder to mitigate cybercrime.
In a coordinated effort between the police and the National Cyber Security Center (NCSC), law enforcement in the Netherlands has dismantled a massive botnet of more than 17 million devices that was orchestrated through 200 servers.
The operation, announced on Thursday, was triggered when a security researcher alerted authorities to the sprawling network. The command-and-control infrastructure was hosted within Dutch borders.
“The police then seized several botnet servers from a hosting provider for investigation,” the NCSC stated. “The botnet was taken offline by the provider because it was used for criminal purposes.”
According to the NL Times, the botnet was connected to ASOCKS, a Russia-based firm offering residential proxy services. These services allow clients to mask their locations or identities by routing internet traffic through third-party devices. Such proxies are frequently exploited for illicit activities, including launching DDoS attacks, managing botnet command-and-control servers, conducting phishing operations, and scraping website content.
While Ars could not independently verify the NL Times report, the connection appears plausible. The NCSC’s Thursday announcement linked to a separate post published a day earlier by a nonprofit organization. That Wednesday post, titled “Residential proxies and their major impact on digital security in the Netherlands,” was later updated to include a link to Thursday’s announcement. It warned: “Residential proxies are used to maintain anonymity and circumvent geographical restrictions. In this way, a Dutch organization can be attacked with Dutch proxies that have similarities with ‘regular’ traffic, making cybercrime mitigation more difficult.”
(Source: Ars Technica)




