The US Department of Justice has announced a significant victory in the fight against cybercrime: following a plea deal with the operation's orchestrator, the FBI has dismantled the IPStorm botnet. The malware turned infected Windows, Linux, Mac, Android and iOS devices around the world into proxies that anonymously relayed traffic on behalf of the botnet operator's paying customers.
Russian-Moldovan national Sergei Makinin pleaded guilty in September to three hacking charges, each carrying a maximum sentence of 10 years in prison.
According to the Department of Justice, Makinin developed and deployed the malware from June 2019 through December 2022, compromising thousands of internet-connected devices.
Makinin exploited this network of compromised devices for profit, selling illegitimate access to the proxies through his websites, proxx[.]io and proxx[.]net, and amassing at least $550,000. As part of his plea, Makinin agreed to forfeit the cryptocurrency wallets holding the illicit proceeds. From the DoJ's announcement:
Makinin controlled these infected devices as part of an extensive botnet, which is a network of compromised devices. The main purpose of the botnet was to turn infected devices into proxies as part of a for-profit scheme, which made access to these proxies available through Makinin’s websites, proxx.io and proxx.net. Through those websites, Makinin sold illegitimate access to the infected, controlled devices to customers seeking to hide their Internet activities.
The operation to dismantle IPStorm's infrastructure was a collaborative effort involving the Spanish National Police-Cyber Attack Group and law enforcement in the Dominican Republic. Anomali Threat Research and Bitdefender played crucial roles in identifying the malware and providing the information that led to Makinin's capture.
“On 15 October 2020, the Bitdefender DRACO team published an extensive white paper on the IPStorm botnet, ‘Looking Into the Eye of the Interplanetary Storm’,” says Bitdefender’s Chief Security Strategist Alexandru Catalin Cosoi. “The last phrase of the document was ‘More information about this threat actor can be freely provided to law enforcement agencies by reaching out to [email protected].’
"Well, law enforcement did reach out and we provided technical assistance and valuable actionable intelligence on the potential identity of the suspect.”
Despite the dismantling of IPStorm's infrastructure, the malware remains on many victim devices. Users are advised to guard against such threats by: