Dutch Police Take Down 17M-Device Botnet Linked to Asocks Proxy Service
Dutch authorities have successfully dismantled a massive botnet infrastructure responsible for enslaving approximately 17 million compromised devices, including computers, tablets, smartphones, and IoT devices. The operation, conducted by the Dutch Police (Politie) in coordination with the National Cyber Security Center (NCSC), resulted in the seizure of over 200 servers operating within the Netherlands that served as the backend command-and-control (C2) infrastructure for the malicious network. The investigation revealed that a hosting provider had been unknowingly facilitating the botnet's operations until law enforcement intervened and seized the servers, leading to the immediate shutdown of the criminal infrastructure. While official sources did not disclose the botnet's name, Dutch news outlet NL Times identified the service as Asocks, a residential proxy provider that allegedly monetized access to compromised devices enrolled in its network.
The takedown follows the April 2024 discovery of the PROXYLIB campaign by HUMAN's Satori Threat Intelligence team, which identified infected Android devices running proxyware applications from LumiApps and Asocks. According to details from Asocks' website, the platform offered corporate, residential, and mobile proxies with subscription plans ranging from $5 to $15 monthly, including bulk discounts of 5-15% for orders of 10 to 100 proxies. Security researchers note that while residential proxies serve legitimate purposes such as accessing geographically restricted content and maintaining privacy, the ecosystem has increasingly attracted cybercriminals who use compromised devices to route malicious traffic, conduct credential stuffing attacks, and execute distributed denial-of-service (DDoS) operations. The NCSC emphasized that devices typically become part of botnets when threat actors exploit vulnerabilities or use social engineering techniques to gain initial access, after which they deploy malware enabling remote control for criminal activities.
To protect against botnet infections, the NCSC recommends robust security hygiene: keeping operating systems up to date, monitoring edge devices such as routers, using strong, unique passwords with two-factor authentication (2FA), downloading applications exclusively from trusted sources, changing default device credentials, and securing Wi-Fi networks with WPA2 or WPA3 encryption. Organizations and individuals concerned about potential exposure can use tools such as an email breach checker to determine whether their credentials have been compromised in related incidents, a VPN/proxy detector to identify suspicious network routing, and a password checker to ensure login credentials meet security standards.