← Back to diffwire

Europol and DOJ Shut Down SocksEscort Proxy Network, Freezing $3.5M

12 articles | Updated 2d ago | Created 3d ago
USA CYBERSECURITY

International law enforcement agencies led by the U.S. Department of Justice executed "Operation Lightning" this week to dismantle 'Socks Escort,' a malicious proxy service that enabled cybercriminals worldwide, resulting authorities freezing $3.5 million in cryptocurrency and seizing servers across seven countries from eight nations involved; Europol confirmed the network compromised over 369,000 routers and IoT devices while offering more than 35,000 proxies to facilitate fraud involving tens of millions reported by investigators who also noted its reliance on Linux malware distributed via...

Key Points

  1. 1
    US and European authorities, led by Operation Lightning, dismantled SocksEscort in a coordinated effort involving eight countries.
  2. 2
    The network was built on over 369,000 compromised residential routers infected with the AVRecon malware to provide anonymous proxy services for criminals.
  3. 3
    Socks Escort facilitated large-scale fraud including cryptocurrency account takeovers and ransomware attacks costing victims millions of dollars.

Developments

Mar 13, 05:26 "Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries" (Thehackernews)
Feb 14, 18:03 'Lecsaptak a hatósa_gok a ti_zezreket e_rint_o kibermu_velet' re published on Hvg.hu
Mar 25 Feb 9:56 (Note date discrepancy in source) "Authorities dismantle SocksEscort proxy network behind millions of fraud" reported by Helpnetsecurity

Perspectives

US and European authorities, including Europol and partners from eight countries, have disrupted SocksEscort by dismantling 23 servers across seven nations to stop a proxy network used for crypto fraud.

— [Mar 14:05] DOJ and Europol take down Socks Escort network tied to crypto fraud (Reddit)

The operation involved international law enforcement agencies freezing $3.5 million in cryptocurrency linked to the service, which allegedly compromised over 369,000 routers.

— [Mar 12:47] Authorities Freeze $3.5M in Crypto as Europol DOJ Disrupt 'SocksEscort' Proxy Network (Decrypt)

'Operation Lightning,' led by US authorities and involving private partners like Lumen's Black Lotus Labs, shut down a botnet that relied on edge devices infected with AVRecon malware to distribute Linux-based proxy services.

— [Mar 12:40] Authorities disrupt SocksEscort Proxy BotNet Exploiting IPs Across Countries (Thehackernews)

'Socks Escort' was used by cybercriminals globally not only for fraud but also as a tool to launch ransomware, DDoS attacks, and distribute malware.

— [Mar 12:47] An international law enforcement operation shut down Sockseco (Techcrunch)

'Operation Lightning' took action against the residential proxy network that cost victims tens of millions in fraud by compromising hundreds of thousands of home routers worldwide, with servers located across multiple countries.

— [Mar 12:47] Operating Lightnin takes down SocksEscort (The Register)
Lecsaptak a hatóságok a tízezreket érintő kiberműveletre
Hvg.hu [email protected] (HVG) 2d ago
ICYMI: Operating Lightning takes down SocksEscort proxy network blamed for tens of millions in fraud
The Register The Register 2d ago

International law enforcement agencies seized 23 servers across seven countries in Operation Lightning as part of an investigation into Socks Escort's residential proxy network used for digital fraud costing tens of millions globally and infecting approximately 124,000 users. The FBI also froze $3.5 million linked to the operation while private-sector partners assisted by targeting malware known as AVRecon that compromises routers remotely.

DOJ and Europol take down SocksEscort network tied to crypto fraud
Reddit /u/kirtash93 2d ago

US and European authorities dismantled SocksEscort, a malicious proxy service that compromised over 369,000 devices globally to enable fraud such as cryptocurrency account takeovers since at least 2020. The coordinated international operation seized approximately $5 million in illicit funds from the platform's users while disrupting its servers and domains across multiple countries.

Authorities dismantle SocksEscort proxy network behind millions in fraud
Helpnetsecurity Sinisa Markovic 2d ago

U.S., European Union authorities have dismantled SocksEscort by seizing 34 domains in seven countries to stop a proxy network that exploited millions of compromised routers for fraud costing victims over $1 million. Law enforcement froze approximately €20,586 (about £$3.7M) and disconnected infected devices after the service provided criminals with IP addresses used to conceal their locations during large-scale account takeovers and insurance scams since 2020.

Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
Thehackernews [email protected] (The Hacker News) 2d ago

Europol-led international law enforcement operation "Operation Lightning" dismantled SocksEscort, a criminal proxy service that enslaved approximately 8,000 residential routers worldwide to facilitate large-scale fraud since summer 2020. Authorities from seven countries seized the infrastructure and identified specific victims defrauded of millions in cryptocurrency through schemes utilizing compromised devices for IP masking across over 163 nations.