top of page

Massive 17 Million Device Botnet Successfully Dismantled by Dutch Authorities

  • May 30
  • 2 min read

Key Findings


  • Dutch authorities dismantled a botnet comprising at least 17 million infected devices across computers, tablets, and smartphones

  • Police seized over 200 servers hosted within the Netherlands that controlled the botnet infrastructure

  • The operation was linked to ASOCKS, a Russia-based residential proxy service used for criminal activities

  • A security researcher's report to the National Cyber Security Centre (NCSC) triggered the investigation

  • The botnet was taken offline after the hosting provider confirmed its use for criminal purposes


Background


Dutch law enforcement, working alongside the National Cyber Security Centre, took action against one of the largest botnets discovered in recent years. The investigation began when a security researcher reported the suspicious network activity to the NCSC, which then collaborated with police to conduct a full investigation. The discovery revealed the scale of the operation and the location of its command infrastructure within Dutch hosting facilities.


Connection to ASOCKS Proxy Service


The botnet was tied to ASOCKS, a residential proxy service based in Russia that provides anonymity tools to hide users' identities and locations online. While these services have legitimate uses, they are frequently abused by cybercriminals. The company operates by routing internet traffic through compromised consumer devices, making malicious activity appear to originate from normal residential users rather than obvious attack sources.


How Devices Were Infected


Compromised devices were covertly infected with malware through various methods. In 2024, security researchers at HUMAN Security discovered that 28 Android applications on Google Play secretly enrolled up to 190,000 devices into the proxy network without user knowledge or consent. Attackers typically exploit software vulnerabilities or weak security configurations to gain remote control of devices, turning them into unwitting participants in criminal operations.


Criminal Applications and Detection Challenges


Residential proxy botnets are used for multiple types of cybercrimes including DDoS attacks, phishing campaigns, web scraping, and botnet command-and-control operations. These services complicate detection and mitigation efforts because the malicious traffic appears legitimate and originates from normal internet users' devices. This makes it difficult for security teams and network administrators to identify and block the attacks.


Protective Measures


Users can reduce their risk of botnet infection by keeping systems and applications updated with the latest security patches, using strong passwords and enabling two-factor authentication, securing wireless networks with proper encryption, and avoiding suspicious downloads and links. Installing software only from trusted sources and regularly monitoring connected devices with security tools also helps prevent compromise. People should also uninstall apps they no longer use and carefully research applications before installation.


Sources


  • https://securityaffairs.com/192890/malware/botnet-of-17-million-devices-dismantled-in-the-netherlands.html

  • https://arstechnica.com/security/2026/05/botnet-of-more-than-17-million-devices-dismantled

  • https://www.reddit.com/r/cybersecurity/comments/1trdf28/botnet_of_more_than_17_million_devices_dismantled

  • https://www.helpnetsecurity.com/2026/05/29/dutch-police-disrupts-botnet-composed-of-17-million-devices

Recent Posts

See All

Comments


  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page