14 November 2023

IPStorm botnet infrastructure dismantled, operator pleads guilty

The US Department of Justice announced that the FBI has dismantled the infrastructure of the IPStorm malware botnet, and that the operator of the proxy service built on it, Sergei Makinin, has pleaded guilty.

IPStorm (InterPlanetary Storm) is a malware botnet first spotted in 2019 that infected Windows, Linux, macOS, and Android devices worldwide, including in Asia, Europe, North America, and South America. The malware communicated over the legitimate peer-to-peer network of the InterPlanetary File System (IPFS), hence its name, so that its malicious traffic was hard to distinguish from ordinary IPFS traffic. On infected machines it also allowed the operators to execute arbitrary PowerShell commands.

According to court documents, Makinin, who is a Russian and Moldovan national, developed and deployed malware to compromise thousands of Internet-connected devices across the globe. The primary purpose of the botnet was to turn infected devices into proxies as part of a for-profit scheme.

Makinin made access to these proxies available via his websites, proxx.io and proxx.net, through which he sold illegitimate access to the hacked devices to customers who wanted to hide their internet activities. A single customer could pay hundreds of dollars a month to route traffic through thousands of infected computers. Makinin’s website advertised that he had over 23,000 “highly anonymous” proxies from all over the world. Makinin acknowledged that he gained at least $550,000 from the scheme.

Makinin pleaded guilty on September 18, 2023, to three counts of illegally accessing and damaging protected computers. He faces up to 30 years in prison. As part of the plea agreement, Makinin will forfeit the cryptocurrency wallets linked to the scheme.
