U.S. Takes Down IPStorm Botnet, Russian-Moldovan Mastermind Pleads Guilty


Nov 15, 2023NewsroomCyber Crime / Network Security

The U.S. government on Tuesday announced the takedown of the IPStorm botnet proxy network and its infrastructure, as the Russian and Moldovan national behind the operation pleaded guilty.

“The botnet infrastructure had infected Windows systems then further expanded to infect Linux, Mac, and Android devices, victimizing computers and other electronic devices around the world, including in Asia, Europe, North America and South America,” the Department of Justice (DoJ) said in a press statement.

Sergei Makinin, who developed and deployed the malicious software to infiltrate thousands of internet-connected devices from June 2019 through December 2022, faces a maximum of 30 years in prison.

The Golang-based botnet malware, prior to its dismantling, turned the infected devices into proxies as part of a for-profit scheme, which was then offered to other customers via proxx[.]io and proxx[.]net.


“IPStorm is a botnet that abuses a legitimate peer-to-peer (p2p) network called InterPlanetary File System (IPFS) as a means to obscure malicious traffic,” cybersecurity firm Intezer noted in October 2020.

The botnet was first documented by Anomali in May 2019, and, over the years, broadened its focus to target other operating systems such as Linux, macOS, and Android.

Threat actors who wish to hide their malicious activities could purchase illegitimate access to more than 23,000 bots for “hundreds of dollars a month” to route their traffic. Makinin is estimated to have netted at least $550,000 from the scheme.

Pursuant to the plea agreement, Makinin is expected to forfeit cryptocurrency wallets linked to the offense.


“The Interplanetary Storm botnet was complex and used to power various cybercriminal activities by renting it as a proxy as a service system over infected IoT devices,” Alexandru Catalin Cosoi, senior director of investigation and forensics unit at Bitdefender, said in a statement shared with The Hacker News.

“Our initial research back in 2020 uncovered valuable clues to the culprit behind its operation, and we are extremely pleased it helped lead to arrests. This investigation is another primary example of law enforcement and the private cybersecurity sector working together to shut down illegal online activities and bring those responsible to justice.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Indiana County Files Disaster Declaration Following Ransomware Attack
DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign
5 common Ticketmaster scams: How fraudsters steal the show
AT&T Confirms Data Breach Affecting Nearly All Wireless Customers
Smishing Triad Targets India with Fraud Surge

Leave a Reply

Your email address will not be published. Required fields are marked *