An international law enforcement operation has successfully dismantled a large cybercriminal network that relied on tens of thousands of compromised routers and internet-connected devices. The operation targeted a botnet known as SocksEscort, which authorities say was used by cybercriminals to launch a range of online attacks and illegal activities across the world.
The botnet was built by infecting routers and Internet of Things devices that belonged to individuals and small businesses. Once compromised, these devices were secretly turned into part of a global network controlled by cybercriminals. Investigators said the network ultimately affected more than 369,000 devices across 163 countries, making it one of the largest known router-based botnets in recent years.
Authorities explained that the network was primarily used to provide proxy services that helped criminals hide their real locations while carrying out cyberattacks. By routing malicious traffic through thousands of hacked devices, attackers were able to conceal their identities and make their activities appear to originate from legitimate residential internet connections. This made it significantly harder for investigators and cybersecurity systems to detect the true source of attacks.
According to officials, the botnet supported several types of cybercrime operations. These included ransomware attacks, distributed denial-of-service attacks that overwhelm websites and online services, and other forms of online exploitation. Investigators also said the network had been used to distribute illegal content and facilitate other serious cyber offenses.
The takedown involved cooperation between multiple international agencies and cybersecurity organizations. Authorities were able to identify the infrastructure used to control the botnet and shut down the servers responsible for managing the infected devices. As part of the operation, the website used to operate the service was seized and replaced with a law enforcement notice informing visitors that the platform had been dismantled.
Cybersecurity experts say the case highlights the growing risks posed by poorly secured internet-connected devices. Many routers and IoT products still rely on weak passwords or outdated software, making them vulnerable to hacking. Once compromised, these devices can be quietly recruited into botnets that operate at a massive global scale without the owners’ knowledge.
Authorities are now urging users and businesses to update router firmware, change default passwords, and apply security patches regularly to prevent similar infections in the future. Experts say basic security practices remain one of the most effective ways to prevent devices from being hijacked and used in large-scale cybercrime networks.
