FBI takes down IPStorm malware botnet

(Image credit: Shutterstock / BeeBright)

IPStorm, a powerful botnet proxy network used to facilitate cybercriminal activity, has been shut down by the FBI. 

The news was confirmed via a press release from the U.S. Attorney's Office, District of Puerto Rico, which outlined how, between 2019 and 2022, Russian and Moldovan national Sergei Makinin built malware that compromised thousands of Windows, Linux, Mac, and Android devices scattered all over the world. 

The malware gave Makinin control over the devices, which he used as proxies for internet traffic. He then sold this traffic as a service to whoever was looking to stay anonymous online.

Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

Uninstalling malware

The Record reported that by 2020, the botnet was counting more than 13,500 devices. Makinin’s website was advertising more than 23,000 “highly anonymous” proxies from all over the world, and while law enforcement agents speculated he could charge “hundreds” of dollars per user, the hacker himself confirmed amassing at least $550,000 from the scheme. All of the crypto wallets associated with the scheme will be handed over to the authorities, it was confirmed. 

While the infrastructure supporting the botnet was dismantled, the malware was not removed from infected endpoints (something the FBI could have done on its end, and has done it before). As for Makinin himself, the hacker pleaded guilty to three separate charges and is looking at a maximum sentence of 10 years for each count. 

Lately, the FBI has been hard at work, taking down malicious botnets. In late August this year, the law enforcement agency announced the dismantling of Qakbot, one of the biggest and most disruptive botnet malicious networks to exist. In a video announcement posted by the FBI, FBI Director Christopher Wray said the botnet was used by countless cybercriminals, including ransomware operators, to target organizations from all verticals, and of all shapes and sizes, across the United States.

"The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast," Wray said in the video. "This botnet provided cybercriminals like these with a command-and-control infrastructure consisting of hundreds of thousands of computers used to carry out attacks against individuals and businesses all around the globe."

In this case, the FBI infiltrated the botnet and sent an instruction to all compromised endpoints to uninstall the malware.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.