The FBI has successfully dismantled the IPStorm botnet and its associated infrastructure following a plea deal with the mastermind behind the operation, Sergei Makinin. Makinin, a Russian and Moldovan national, recently pleaded guilty to three hacking charges, exposing a malware scheme that infected thousands of devices across the globe.
The case illustrates three recurring themes: how widespread botnet infections have become, how much law enforcement depends on private cybersecurity companies for attribution, and how difficult it is to hold operators accountable when their infrastructure and identities change constantly.
Why it matters: This victory is part of the ongoing efforts by U.S. law enforcement, including recent actions against Qakbot and Cyclops Blink malware. The IPStorm botnet, initially targeting Windows systems in 2019, expanded its reach to Linux, Mac, and Android devices. The malware infected over 13,500 devices by 2020.
- The botnet’s primary purpose was to turn infected devices into proxies for a for-profit scheme. Access to these proxies was sold through Makinin’s websites, proxx.io and proxx.net, where customers paid significant sums to route their internet traffic through victims’ devices and hide its true origin.
- FBI partnerships with private cybersecurity firms, Anomali Threat Research and Bitdefender, were instrumental in uncovering valuable clues leading to Makinin’s identity.
- The FBI opted not to remove the malware from victim devices and instead focused on disabling Makinin’s infrastructure. This avoided the controversial step taken in some previous botnet takedowns, where law enforcement pushed commands to affected systems to remove the malware. The trade-off is that the IPStorm malware remains on infected devices until their owners detect and remove it themselves.