The US government on Tuesday announced the takedown of the IPStorm botnet and the guilty plea of a man who created and operated the cybercrime service.
According to the Justice Department, the FBI dismantled the infrastructure associated with the IPStorm malware, as well as the proxy network powered by the IPStorm botnet.
The malware was delivered to thousands of Windows, Linux, Mac and Android devices located all around the world, enabling cybercriminals to use the compromised devices for a proxy service.
The proxy service, advertised on proxx.io and proxx.net, could be used by cybercriminals to hide their malicious online activities, with some customers paying hundreds of dollars every month to route their traffic through IPStorm-infected devices. The websites advertising the service claimed that it was powered by 23,000 proxies.
Sergei Makinin, a Russian and Moldovan national, has admitted creating and operating the botnet between June 2019 and December 2022, pleading guilty in September to three counts of transmitting a program that intentionally caused damage to protected computers.
Makinin faces up to 10 years in prison for each count and he has agreed to forfeit the cryptocurrency he earned as a result of his illegal activities. The man told investigators that he obtained at least $550,000 from the scheme.
It seems that the FBI took down the botnet infrastructure, but it did not attempt to identify impacted users or perform a cleanup of compromised devices, as it did in the past.
The IPStorm malware caught the attention of the cybersecurity community back in 2019 because it leveraged the InterPlanetary File System (IPFS) peer-to-peer network, which could make it more difficult to detect malicious traffic and disrupt the botnet.
Related: Emotet Botnet Disrupted in Global Law Enforcement Operation
Related: Glupteba Botnet Still Active Despite Google’s Disruption Efforts
Related: US Charges Russian Oligarch, Dismantles Cybercrime Operation