Botnet IPStorm with 23,000 proxies used for harmful traffic has been dismantled.

Nov 15, 2023 - 03:00

Today, the U.S. Department of Justice announced the FBI's successful dismantlement of the IPStorm botnet's network and infrastructure. IPStorm was a botnet proxy service that allowed cybercriminals to conduct malicious activities anonymously, using compromised devices across various operating systems, including Windows, Linux, Mac, and Android.

In connection with the dismantling of IPStorm, Sergei Makinin, a Russian-Moldovan citizen, has pleaded guilty to charges related to computer fraud. Makinin now faces a potential maximum sentence of 10 years in prison.

The Department of Justice's statement highlighted IPStorm's role as a proxy botnet. This botnet enabled cybercriminals and scammers to bypass blocking mechanisms and maintain anonymity by routing their traffic through numerous compromised devices in homes and offices. Victims of IPStorm not only unwittingly facilitated cybercrime activities but also suffered from the hijacking of their network bandwidth and the potential risk of being targeted by more harmful malware.

Makinin operated the proxy service through websites named ‘proxx.io’ and ‘proxx.net,’ boasting over 23,000 anonymous proxies globally. According to the DOJ, from June 2019 to December 2022, Makinin developed and deployed malware to hack thousands of internet-connected devices worldwide, including in Puerto Rico. His operation primarily converted infected devices into proxies for a profit-making scheme, with the service being accessible through Makinin’s websites.

Makinin acknowledged earning at least $550,000 from his proxy services, agreeing to forfeit the cryptocurrency wallets containing his ill-gotten gains.

The law enforcement operation focused on dismantling IPStorm's infrastructure but did not extend to the infected victim computers.

First identified as targeting Windows, IPStorm later evolved to compromise Linux systems, including Android-based IoT devices. It was written in Go with a modular package design, with components providing functionality for each target platform. The malware used the InterPlanetary File System (IPFS) peer-to-peer network for obfuscation and to resist takedown attempts. Its capabilities included SSH brute-forcing for propagation, antivirus evasion, and persistence.
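The SSH brute-forcing described above leaves a recognisable trace in sshd logs: bursts of failed password attempts from one source address, often against several usernames. The following detector is an added example written for this article, not code from the article or from any investigation; it flags any source IP that produces a threshold number of `Failed password` events within a sliding time window. The log lines, hostnames and addresses are constructed for the example, and the year assumed when parsing syslog timestamps is a parameter.

```python
"""Flag SSH password brute-force bursts in syslog-style sshd lines.

Added example (not from the article). Assumes classic syslog sshd
output; the sample lines and addresses below are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches e.g.
# "Nov 15 03:00:01 gw sshd[4011]: Failed password for root from 203.0.113.7 port 51234 ssh2"
# and the "invalid user" variant sshd emits for unknown accounts.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<status>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample: one fast burst (203.0.113.7), one legitimate user who
# mistyped once (198.51.100.22), and one slow trickle below the threshold (192.0.2.9).
SAMPLE_LOG = """\
Nov 15 03:00:01 gw sshd[4011]: Failed password for root from 203.0.113.7 port 51234 ssh2
Nov 15 03:00:03 gw sshd[4012]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Nov 15 03:00:04 gw sshd[4013]: Failed password for invalid user pi from 203.0.113.7 port 51244 ssh2
Nov 15 03:00:06 gw sshd[4014]: Failed password for root from 203.0.113.7 port 51250 ssh2
Nov 15 03:00:09 gw sshd[4015]: Failed password for root from 203.0.113.7 port 51255 ssh2
Nov 15 03:00:15 gw sshd[4016]: Failed password for root from 203.0.113.7 port 51260 ssh2
Nov 15 03:02:30 gw sshd[4020]: Failed password for alice from 198.51.100.22 port 40001 ssh2
Nov 15 03:02:41 gw sshd[4021]: Accepted password for alice from 198.51.100.22 port 40001 ssh2
Nov 15 03:10:00 gw sshd[4030]: Failed password for root from 192.0.2.9 port 22222 ssh2
Nov 15 03:12:00 gw sshd[4031]: Failed password for root from 192.0.2.9 port 22223 ssh2
Nov 15 03:14:00 gw sshd[4032]: Failed password for root from 192.0.2.9 port 22224 ssh2
Nov 15 03:16:00 gw sshd[4033]: Failed password for root from 192.0.2.9 port 22225 ssh2
Nov 15 03:18:00 gw sshd[4034]: Failed password for root from 192.0.2.9 port 22226 ssh2
"""


def parse_line(line, year=2023):
    """Parse one sshd line into a dict, or return None for non-auth lines.

    Syslog timestamps carry no year, so the caller supplies it (assumption).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "status": m["status"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window_seconds=60, year=2023):
    """Return {ip: summary} for sources with >= threshold failures in any window.

    summary = {"first_seen": datetime, "attempts": total failures from that IP,
               "users": sorted distinct usernames it tried}.
    """
    events = [e for e in (parse_line(l, year) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])  # logs are normally ordered, but be safe

    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    stats = defaultdict(lambda: {"first_seen": None, "attempts": 0, "users": set()})
    flagged = set()

    for e in events:
        if e["status"] != "Failed":
            continue  # successful logins do not count toward the burst
        ip = e["ip"]
        s = stats[ip]
        s["attempts"] += 1
        s["users"].add(e["user"])
        if s["first_seen"] is None:
            s["first_seen"] = e["ts"]

        q = recent[ip]
        q.append(e["ts"])
        # Drop failures that fell out of the sliding window.
        while (e["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)

    return {
        ip: {
            "first_seen": stats[ip]["first_seen"],
            "attempts": stats[ip]["attempts"],
            "users": sorted(stats[ip]["users"]),
        }
        for ip in flagged
    }


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {info['attempts']} failures since {info['first_seen']}, users={info['users']}")
```

The sliding window matters: the slow source in the sample makes five attempts two minutes apart and is correctly left alone, while the burst source is flagged on its fifth failure within fourteen seconds. In production the same counting is usually done by fail2ban or a SIEM rule, and the distinct-username list is what separates a password spray from a user who forgot their password.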

Through IPStorm, cybercriminals could mask their activities by routing traffic through thousands of devices, with access to the network costing hundreds of dollars per month.

The investigation into IPStorm involved collaboration with multiple law enforcement agencies, including the Spanish National Police Cyber Attack Group, the Dominican National Police-International Organized Crime Division, and the Ministry of the Interior and Police-Immigration Directorate.