Dutch police dismantled a botnet of 17 million infected devices and seized more than 200 servers linked to cybercrime operations.
Dutch authorities have dismantled a massive botnet consisting of at least 17 million infected devices and seized more than 200 servers used to support cyber-criminal operations.
The takedown was carried out by the Dutch National Police and the National Cyber Security Centre (NCSC) following an investigation that began after a security researcher reported the infrastructure to authorities. Investigators discovered that the botnet was being controlled through more than 200 servers hosted in the Netherlands.
According to the NCSC, the network included millions of compromised computers, smartphones, tablets, routers, and Internet of Things (IoT) devices that had been infected with malware and remotely controlled by threat actors. The infected devices were allegedly used to support a range of cyber-criminal activities, including phishing campaigns, spam distribution, credential attacks, and distributed denial-of-service (DDoS) attacks.
Police seized several of the servers used to operate the network, while the hosting provider involved subsequently took the remaining infrastructure offline after authorities determined it was being used for criminal purposes.
Although Dutch authorities did not officially identify the botnet, multiple reports linked the operation to Asocks, a residential proxy service that allegedly relied on compromised consumer devices to route internet traffic. Residential proxy networks can be used for legitimate privacy purposes, but they are also frequently abused by cyber-criminals seeking to hide the origin of malicious activity.
Researchers have previously connected Asocks to the PROXYLIB campaign, which involved malware embedded in Android applications that secretly transformed infected devices into nodes within a residential proxy network.
Dutch officials warned that residential proxy services pose a growing threat because malicious traffic routed through ordinary home internet connections often appears legitimate, making detection significantly more difficult for security teams. Criminal groups have used such infrastructure for phishing attacks, credential stuffing, malware distribution, click fraud, and other forms of cybercrime.
The operation is believed to be one of the largest botnet disruptions ever conducted by Dutch authorities and highlights the growing role of compromised consumer devices in supporting global cybercrime infrastructure.
Related articles :
- Lazarus Deploys RemotePE Malware in Cyber Attacks
- NASA Staff Tricked in Chinese Phishing Scheme
- NCA Launches Operation Atlantic Against Crypto Phishing
Reports are sourced from official documents, law-enforcement updates, and credible investigations.
Discover additional reports, market trends, crime analysis and Harm Reduction articles on DarkDotWeb to stay informed about the latest dark web operations.
