RSOCKS- Russian Botnet Taken down

An international operation took down a Russian botnet made up of millions of hacked internet connected devices.

The operators of a botnet known as RSOCKS leased access to tens of thousands of compromised internet connected devices at at time to carry out a variety of malicious actions.

The FBI have been investigating RSOCKS dating back to late 2016. The agency’s investigators used undercover purchases to obtain access to the botnet to identify backend infrastructure and victims.

FBI investigators learned that RSOCKS customers were routed through a Florida-based hosting company The Constant Company, or “Vultr” to access the botnet’s services.

Investigators also identified multiple victims in San Diego whose devices been compromised and used as part of the botnet, including an unnamed university, hotel, television studio, an electronics manufacturer, home businesses and individuals.

FBI investigators were able to replace compromised devices with government controlled systems and all three were subsequently compromised by known RSOCKS server IP addresses

Warrant details

The warrant seeks additional information about Vultr’s customers associated with specific IP addresses including names, session logs, event logs and billing information, among other materials.

In September 2020, FBI announced the new strategy for countering cyber threats. The strategy focuses on imposing risk and consequences on cyber adversaries through the FBI’s unique authorities, world-class capabilities, and enduring partnerships.