FBI and Dutch Police Dismantle Massive Botnet of Hacked Routers in Operation Moonlander

In a significant international cybersecurity operation, the FBI and Dutch National Police have successfully dismantled a sprawling botnet comprising over 7,000 compromised routers. Dubbed “Operation Moonlander,” this joint effort targeted two services—Anyproxy and 5Socks—that allegedly sold access to these hijacked devices, enabling cybercriminals to mask their identities and conduct illicit activities online.

The Operation

On May 7, 2025, law enforcement agencies seized the domains of Anyproxy and 5Socks, replacing their websites with notices indicating the takedown. The U.S. Department of Justice has indicted four individuals—three Russian nationals and one from Kazakhstan—for their roles in operating this botnet. These individuals are accused of exploiting vulnerabilities in outdated routers to build a network that served as a “residential proxy” service for cybercriminals.

You might also like

Facebook Group Admins Hit by Mass Bans

June 25, 2025

Patreon Streamlines Pricing, Raises Cut for New Creators

June 17, 2025

The Threat

he botnet primarily targeted end-of-life routers from manufacturers like Linksys, Cisco, and Cradlepoint. These devices, no longer receiving security updates, were infected with variants of the “TheMoon” malware, granting attackers remote control. Once compromised, the routers were added to the botnet and sold as proxy nodes, allowing malicious actors to obfuscate their locations and activities.

Global Impact

The dismantled botnet had been operational for nearly two decades, posing a significant threat to global cybersecurity. By providing anonymity to cybercriminals, it facilitated a range of illicit activities, including data theft and espionage. The operation underscores the importance of international collaboration in combating cyber threats.

Recommendations

In light of this operation, the FBI advises users to:

• Replace outdated routers with models that receive regular security updates.
• Disable remote administration features on home networking devices.
• Regularly update firmware and change default passwords

By taking these steps, individuals can protect their devices from becoming part of malicious botnets.