Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
The Hacker NewsArchived May 31, 2026✓ Full text saved
Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks. The bot network, per the Dutch Politie and the National Cyber Security Center (NCSC), consisted of at least 17 million infected devices. More than 200 servers located in the Netherlands acted as the
Full text archived locally
✦ AI Summary· Claude Sonnet
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
Ravie LakshmananMay 31, 2026IoT Security / Network Security
Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks.
The bot network, per the Dutch Politie and the National Cyber Security Center (NCSC), consisted of at least 17 million infected devices. More than 200 servers located in the Netherlands acted as the platform's backend infrastructure.
According to a statement issued by the NCSC, police officials seized a subset of these servers from a hosting provider that provided the infrastructure. The provider is said to have subsequently taken the botnet offline following its use for criminal purposes.
Although the name of the botnet was not explicitly mentioned, local news outlet NL Times reported that the service in question was Asocks, a company that offers residential proxies. In April 2024, HUMAN's Satori Threat Intelligence team identified a campaign dubbed PROXYLIB that involved infected Android devices with proxyware from LumiApps and Asocks.
Per details shared on Asocks' website, the platform advertises corporate, residential, and mobile proxies for monthly subscriptions between $5 and $15, with 5-15% discounts for bulk purchases ranging from 10 to 100 proxies.
Residential proxies have legitimate uses and privacy benefits, including to access geographically-restricted web resources. However, the ecosystem is also shadowy, with many providers catering to bad actors who purchase access to compromised devices enrolled in these networks to route malicious traffic and carry out cyber attacks.
"Devices can become part of a botnet when they are accessible to malicious actors," NCSC said. "After gaining access, attackers can install malware that allows the device to be controlled remotely. This enables the device to become part of a network used for cybercriminal activities."
To counter the threat posed by botnet malware, it's advised to keep the operating systems up-to-date, maintain visibility of edge devices like routers, use strong passwords, enable two-factor authentication wherever possible, install apps from trusted sources, change default passwords, and secure Wi-Fi networks with WPA2 or WPA3.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
SHARE
Tweet
Share
Share
SHARE
Android, botnet, Cybercrime, cybersecurity, iot security, Malware, network security, Threat Intelligence
⚡ Top Stories This Week
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
The New Phishing Click: How OAuth Consent Bypasses MFA
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
Developer Workstations Are Now Part of the Software Supply Chain
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
Load More ▼
⭐ Featured Resources
Claim ANY.RUN Anniversary Offer for Faster Malware Analysis
[Guide] Get Key Identity Security Insights From 2026 Snapshot
Discover How to Navigate the Era of Constant Cyber Exposure
[Guide] Learn to Detect AI Typosquatting Risks in Your Domain