Dutch authorities have announced the dismantling of a large-scale botnet operation linked to millions of infected devices, including computers, smartphones, tablets, and Internet of Things devices used to conduct malicious cyber activities. According to the Dutch Politie and the National Cyber Security Center (NCSC), the botnet involved at least 17 million compromised devices that had been silently incorporated into a network capable of supporting cybercriminal operations. Officials stated that more than 200 servers located across the Netherlands functioned as the backend infrastructure supporting the operation, helping facilitate communication and control between infected systems and the broader network.
Authorities revealed that law enforcement agencies moved against a portion of the infrastructure by seizing several servers hosted by a service provider connected to the operation. According to NCSC, the hosting provider later disabled the broader platform after learning that its infrastructure had allegedly been used for criminal activity. While officials did not publicly identify the name of the botnet, reports from Dutch media outlet NL Times suggested the service involved may be Asocks, a company known for providing residential proxy services. Asocks advertises access to residential, mobile, and corporate proxies through monthly subscription models, with pricing reportedly ranging between five and fifteen dollars while offering discounts for larger proxy purchases. The company has drawn attention in cybersecurity circles due to concerns about how compromised devices may be exploited to power such proxy networks.
The case also follows earlier findings from cybersecurity researchers. In April 2024, HUMAN’s Satori Threat Intelligence team identified a campaign named PROXYLIB, which involved infecting Android devices with proxyware connected to LumiApps and Asocks. Researchers observed how compromised devices could unknowingly become part of large proxy ecosystems, enabling external actors to route internet traffic through infected systems. Although residential proxies can have legitimate purposes, such as bypassing geographical restrictions or enhancing privacy for internet users, cybersecurity experts have repeatedly warned that these networks may also be misused by malicious operators to conceal cyberattacks, distribute harmful traffic, or support unauthorized online activity. In many instances, cybercriminal groups are believed to purchase access to compromised networks in order to disguise their operations behind legitimate residential internet connections.
According to the NCSC, devices can become part of botnet operations when attackers gain access and install malicious software that enables remote control. Once compromised, these systems may be used without the owner’s knowledge for activities ranging from malicious traffic routing to coordinated cyberattacks. Security experts continue to stress the importance of maintaining updated operating systems, monitoring internet-connected devices such as routers, securing wireless networks with WPA2 or WPA3 protection, and changing default passwords that may expose systems to intrusion. Officials also recommend enabling two-factor authentication wherever possible and only downloading software or applications from trusted sources to reduce the risk of infection and unauthorized access to connected devices.