US seizes Anyproxy, 5socks botnets and indicts alleged administrators | CyberScoop<\/title> <meta name=\"description\" content=\"The long-running botnet operation used malware that infected older wireless internet routers over a 20-year period, according to federal prosecutors.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/anyproxy-5socks-botnets-seized\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"US seizes Anyproxy, 5socks botnets and indicts alleged administrators\"> <meta property=\"og:description\" content=\"The long-running botnet operation used malware that infected older wireless internet routers over a 20-year period, according to federal prosecutors.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/anyproxy-5socks-botnets-seized\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-05-12T17:38:19+00:00\"> <meta property=\"article:modified_time\" content=\"2025-05-12T17:38:22+00:00\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/us-seizes-anyproxy-5socks-botnets-and-indicts-alleged-administrators-1.png\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1746476661g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1740691656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=a815169637cf454b7376\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84474\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84474\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fanyproxy-5socks-botnets-seized%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fanyproxy-5socks-botnets-seized%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84474 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/anyproxy-5socks-botnets-seized\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.975332068311\">\n<div class=\"single-article__header-content\" readability=\"35.199513381995\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/anyproxy-5socks-botnets-seized\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> The long-running botnet operation used malware that infected older wireless internet routers over a 20-year period, according to federal prosecutors. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84474\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"360\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/us-seizes-anyproxy-5socks-botnets-and-indicts-alleged-administrators.png?resize=640%2C360&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Anyproxy, 5socks botnet domains seized.\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/us-seizes-anyproxy-5socks-botnets-and-indicts-alleged-administrators-1.png 4066w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/us-seizes-anyproxy-5socks-botnets-and-indicts-alleged-administrators-1.png?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/us-seizes-anyproxy-5socks-botnets-and-indicts-alleged-administrators-1.png?resize=768,431 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/us-seizes-anyproxy-5socks-botnets-and-indicts-alleged-administrators-1.png?resize=1024,575 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/us-seizes-anyproxy-5socks-botnets-and-indicts-alleged-administrators-1.png?resize=1536,863 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/us-seizes-anyproxy-5socks-botnets-and-indicts-alleged-administrators-1.png?resize=2048,1150 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/us-seizes-anyproxy-5socks-botnets-and-indicts-alleged-administrators-1.png?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/us-seizes-anyproxy-5socks-botnets-and-indicts-alleged-administrators-1.png?resize=1200,675 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/us-seizes-anyproxy-5socks-botnets-and-indicts-alleged-administrators-1.png?resize=1500,843 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> Federal authorities seized the domains allegedly used for Anyproxy and 5socks botnets. (Screenshot of Anyproxy.net) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"29.314084937366\"><body readability=\"60.892857142857\"><\/p>\n<p>Federal authorities <a href=\"https:\/\/www.justice.gov\/usao-ndok\/pr\/botnet-dismantled-international-operation-russian-and-kazakhstani-administrators\">seized two domains<\/a> and indicted four foreign individuals for alleged involvement in a long-running botnet service that infected older wireless internet routers, the Justice Department said Friday. <\/p>\n<p>The malware created for the botnet allowed infected routers to be reconfigured, which granted unauthorized access to third parties and made the routers available for sale as proxy servers on <a href=\"http:\/\/anyproxy.net\/\">Anyproxy.net<\/a> and <a href=\"http:\/\/5socks.net\/\">5socks.net<\/a>, according to law enforcement officials. Both domains, which were managed by a company headquartered in Virginia and hosted on servers worldwide, now render seizure notices under an effort the DOJ and FBI dubbed \u201cOperation Moonlander.\u201d<\/p>\n<p>The 5socks.net website claimed to be in operation for over 20 years and had more than 7,000 proxies for sale worldwide for a monthly subscription of $9.95 to $110 per month, according to prosecutors. The botnet\u2019s overseas operations were also seized and disabled by law enforcement agencies in the Netherlands and Thailand.<\/p>\n<p>Authorities also indicted the botnet\u2019s alleged administrators and charged them with conspiracy and damage to protected computers, for conspiring with others to maintain, operate and profit from the botnet services known as Anyproxy and 5socks. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The DOJ said the defendants amassed more than $46 million from selling access to infected routers that were part of the Anyproxy botnet. <\/p>\n<p>The accused include three Russian nationals \u2014 Viktorovich Chertkov, 37, Kirill Vladimirovich Morozov, 41, Aleksandr Aleksandrovich Shishkin, 36 \u2014 and Kazakhstani national Dmitriy Rubtsov, 38. Chertkov and Rubtsov are also charged with false registration of a domain name.<\/p>\n<p>The accused men have not been arrested and their whereabouts are unknown. Russia and Kazakhstan don\u2019t have extradition treaties with the U.S. government. <\/p>\n<p>Lumen Technologies\u2019 Black Lotus Labs, which assisted the DOJ and Dutch National Police in tracking the Anyproxy and 5socks botnets, said it discovered thousands of infected IoT and end-of-life devices over the past year. <\/p>\n<p>\u201cWe discovered a weekly average of 1,000 unique bots in contact with the command-and-control infrastructure located in Turkey,\u201d Black Lotus Labs researchers said in a <a href=\"https:\/\/blog.lumen.com\/black-lotus-labs-helps-demolish-major-criminal-proxy-network\/\">blog post<\/a> released Friday. Most of the botnets\u2019 victims are in the United States, researchers added.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The domain seizure warrant was unsealed in the U.S. District Court for the Eastern District of Virginia, and indictment was unsealed in the U.S. District Court for the Northern District of Oklahoma. The FBI Oklahoma City Cyber Task Force discovered business and residential routers in Oklahoma had malware installed without the users\u2019 knowledge and are continuing to investigate the case.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.4005681818182\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/us-seizes-anyproxy-5socks-botnets-and-indicts-alleged-administrators.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/anyproxy-5socks-botnets-seized\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>US seizes Anyproxy, 5socks botnets and indicts alleged administrators |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2080,282,78,1930,338,273,669,3833,168,2815,288],"tags":[2082,286,86,1940,341,279,671,3835,169,2822,294],"class_list":["post-7629","post","type-post","status-publish","format-standard","hentry","category-botnets","category-cybercrime","category-cybersecurity","category-department-of-justice","category-department-of-justice-doj","category-fbi","category-federal-bureau-of-investigation-fbi","category-indictment","category-malware","category-routers","category-threats","tag-botnets","tag-cybercrime","tag-cybersecurity","tag-department-of-justice","tag-department-of-justice-doj","tag-fbi","tag-federal-bureau-of-investigation-fbi","tag-indictment","tag-malware","tag-routers","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/botnets\/\" rel=\"category tag\">botnets<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-justice\/\" rel=\"category tag\">Department of Justice<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-justice-doj\/\" rel=\"category tag\">Department of Justice (DOJ)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fbi\/\" rel=\"category tag\">FBI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/federal-bureau-of-investigation-fbi\/\" rel=\"category tag\">Federal Bureau of Investigation (FBI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/indictment\/\" rel=\"category tag\">indictment<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/malware\/\" rel=\"category tag\">Malware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/routers\/\" rel=\"category tag\">routers<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7629","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7629"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7629\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7629"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7629"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7629"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7629,"date":"2025-05-12T12:38:19","date_gmt":"2025-05-12T17:38:19","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84474"},"modified":"2025-05-12T12:38:19","modified_gmt":"2025-05-12T17:38:19","slug":"us-seizes-anyproxy-5socks-botnets-and-indicts-alleged-administrators","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/05\/12\/us-seizes-anyproxy-5socks-botnets-and-indicts-alleged-administrators\/","title":{"rendered":"US seizes Anyproxy, 5socks botnets and indicts alleged administrators"},"content":{"rendered":"