Google’s disruption rips millions out of devices out of malicious network | CyberScoop<\/title> <meta name=\"description\" content=\"The actions impaired some of IPIDEA\u2019s proxy infrastructure, but not all of it. The effort underscores the back-and-forth struggle of taking out pieces of cybercriminals\u2019 vast and growing infrastructure.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/ipidea-proxy-network-disrupted-google-lumen\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Google's disruption rips millions out of devices out of malicious network\"> <meta property=\"og:description\" content=\"The actions impaired some of IPIDEA\u2019s proxy infrastructure, but not all of it. The effort underscores the back-and-forth struggle of taking out pieces of cybercriminals\u2019 vast and growing infrastructure.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/ipidea-proxy-network-disrupted-google-lumen\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-01-30T15:37:32+00:00\"> <meta property=\"article:modified_time\" content=\"2026-01-30T15:37:35+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-1.png\"> <meta property=\"og:image:width\" content=\"1286\"> <meta property=\"og:image:height\" content=\"710\"> <meta property=\"og:image:type\" content=\"image\/png\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1765909325g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1768841770g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1767808656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87629\"><meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87629\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fipidea-proxy-network-disrupted-google-lumen%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fipidea-proxy-network-disrupted-google-lumen%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87629 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/ipidea-proxy-network-disrupted-google-lumen\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.37983706721\">\n<div class=\"single-article__header-content\" readability=\"36.410041841004\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/ipidea-proxy-network-disrupted-google-lumen\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> The actions impaired some of IPIDEA\u2019s proxy infrastructure, but not all of it. The effort underscores the back-and-forth struggle of taking out pieces of cybercriminals\u2019 vast and growing infrastructure. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87629\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"354\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network.png?resize=640%2C354&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Image of global data networks\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-1.png 1286w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-1.png?resize=300,166 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-1.png?resize=768,424 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-1.png?resize=1024,565 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-1.png?resize=600,331 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-1.png?resize=1200,663 1200w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> Getty Images <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"53.033126293996\"><body readability=\"108.52037980547\"><\/p>\n<p>Millions of devices used as proxies by cybercriminals, espionage groups and data thieves have been removed from circulation following Google\u2019s disruption of IPIDEA, a China-based residential proxy network. The reduction in available proxy devices came after Google\u2019s Threat Intelligence Group used legal action and intelligence sharing to target the company\u2019s domain infrastructure, Google <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/disrupting-largest-residential-proxy-network\">said in a blog post<\/a> Wednesday. <\/p>\n<p>Google\u2019s action, aided by Cloudflare, Lumen\u2019s Black Lotus Labs and Spur, impaired some of IPIDEA\u2019s proxy infrastructure, but not all of it. The coordinated strikes against malicious infrastructure underscore the back-and-forth struggle threat hunters confront when they take out pieces of cybercriminals\u2019 vast and growing infrastructure. <\/p>\n<p>Initial data indicates IPIDEA\u2019s proxy network was cut by about 40%.<\/p>\n<p>\u201cWe have still seen around 5 million distinct bots communicating with the IPIDEA command and control servers, so as of now they are still able to operate with a large volume of proxies,\u201d Chris Formosa, senior lead information security engineer at Lumen Technologies\u2019 Black Lotus Labs, told CyberScoop Thursday.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Lumen was tracking a daily average of about 8.5 million proxies connecting to IPIDEA\u2019s servers before some of its domains were taken offline this week. \u201cThe true population was likely closer to 10-11 million, but we could only see 8.5 million of them with our visibility,\u201d Formosa said.<\/p>\n<p>Google researchers discovered a cluster of seemingly independent proxy and virtual private network brands controlled by IPIDEA. Google found several domains also owned by IPIDEA supporting software development kits for residential proxies embedded into existing applications.<\/p>\n<p>Developers who add these SDKs to their apps are paid by IPIDEA, typically on a per-download basis. \u201cThese SDKs are the key to any residential proxy network\u2014the software they get embedded into provides the network operators with the millions of devices they need to maintain a healthy residential proxy network,\u201d Google said in the report.<\/p>\n<p>Residential proxy networks can serve a legitimate purpose, but researchers have been warning that unethical or outright criminal operators are abusing these networks to build and support botnets, cybercrime campaigns, espionage and other malicious activity.<\/p>\n<p>\u201cThe residential proxy industry appears to be rapidly expanding, and GTIG\u2019s research indicates that the vast majority of its growth is fueled by malicious use,\u201d Charley Snyder, senior manager at GTIG, told CyberScoop. \u201cGTIG found that these proxies are overwhelmingly misused by bad actors.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Researchers said many service providers are packaging proxy malware in software that users are downloading, and unwittingly allowing proxy networks to hijack consumer bandwidth to obscure cybercrime.<\/p>\n<p>Earlier this month, Google said it observed more than 550 distinct threat groups, including some from China, North Korea, Iran and Russia, using IP addresses tracked as IPIDEA exit notes during a seven-day period. These threat groups accessed victim cloud environments, on-premises infrastructure and initiated password-spray attacks, according to Google.<\/p>\n<p>Security teams and cyber authorities are placing more attention on the systems and scaffolding that support cybercrime, effectively trying to squeeze resources and place additional pressure on their activities.<\/p>\n<p>\u201cBy targeting the tools criminals use rather than just the criminals themselves, defenders can impose significant costs on the ecosystem in a way that can\u2019t easily or quickly be regenerated,\u201d Snyder said. <\/p>\n<p>Google\u2019s actions severed the command-and-control links between operators and millions of devices, and took down storefronts, negating the investments IPIDEA made to gain brand awareness and traction, he added. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>While Google took a big bite out of IPIDEA\u2019s infrastructure, the fight against the company and others continues. <\/p>\n<p>\u201cThis is a very complex ecosystem with dozens, if not hundreds, of brands and shell entities,\u201d Snyder said. \u201cWhile our disruption is significant, this ecosystem is built on anonymity and shared resources. They\u2019ve survived takedowns before, so we are pleased by the progress we\u2019ve made but know there is more to do.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.5225048923679\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<div class=\"popular-stories__stories\">\n<div class=\"popular-stories__cards\">\n<article class=\"post-item post-item--popular-stories-cards \" readability=\"21.823529411765\">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/north-korea-attackers-evasive-techniques-malware\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"506\" height=\"337\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-1.jpg?resize=506%2C337&ssl=1\" class=\"attachment-ratio-16-9-md size-ratio-16-9-md wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-3.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-3.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-3.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-3.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-3.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-3.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-3.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-3.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-3.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-3.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 506px) 100vw, 506px\"> <\/a><figcaption class=\"screen-reader-text\"> In this picture taken near the truce village of Panmunjom inside the demilitarized zone (DMZ) separating the two Koreas, a bird flies near a North Korean flag fluttering in the wind at the propaganda village of Gijungdong in North Korea on October 4, 2022. (Photo by ANTHONY WALLACE\/AFP via Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\" readability=\"1.83984375\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/north-korea-attackers-evasive-techniques-malware\/\"> North Korean operatives spotted using evasive techniques to steal data and cryptocurrency <\/a> <\/h3>\n<p> Research from Cisco Talos and Google Threat Intelligence Group underscores the extent to which North Korea-aligned attackers attempt to avoid detection. <\/p>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/matt-kapko\/\"> Matt Kapko <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/salesloft-drift-attacks-cloudflare-palo-alto-networks-zscaler\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"224\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-2.jpg?resize=224%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-4.jpg 4500w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-4.jpg?resize=300,225 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-4.jpg?resize=768,576 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-4.jpg?resize=1024,768 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-4.jpg?resize=1536,1152 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-4.jpg?resize=2048,1536 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-4.jpg?resize=600,450 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-4.jpg?resize=224,168 224w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-4.jpg?resize=449,337 449w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-4.jpg?resize=900,675 900w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-4.jpg?resize=1124,843 1124w\" sizes=\"auto, (max-width: 224px) 100vw, 224px\"> <\/a><figcaption class=\"screen-reader-text\"> Salesloft confirmed the impact is much more severe and widespread. (imageBROKER\/Timon Schneider\/Alamy) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/salesloft-drift-attacks-cloudflare-palo-alto-networks-zscaler\/\"> Salesloft Drift attacks hit Cloudflare, Palo Alto Networks, Zscaler <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/matt-kapko\/\"> Matt Kapko <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/google-cybersecurity-disruption-unit-active-defense-hack-back\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network.webp?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-5.jpg 7512w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-5.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-5.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-5.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-5.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-5.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-5.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-5.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-5.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-5.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network-5.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> Google\u2019s Washington, DC, regional office is seen at dusk on August 11, 2024, in Reston, VA. (Photo by J. David Ake\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/google-cybersecurity-disruption-unit-active-defense-hack-back\/\"> Google previews cyber \u2018disruption unit\u2019 as U.S. government, industry weigh going heavier on offense <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/tim-starkscyberscoop-com\/\"> Tim Starks <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/ipidea-proxy-network-disrupted-google-lumen\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google’s disruption rips millions out of devices out of malicious<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[271,282,78,387,3729,5877,513,2952,647,5878,270,288],"tags":[277,286,86,391,3731,5879,517,2955,240,5880,276,294],"class_list":["post-8315","post","type-post","status-publish","format-standard","hentry","category-china","category-cybercrime","category-cybersecurity","category-google","category-google-threat-intelligence-group","category-ipidea","category-iran","category-lumen-technologies","category-north-korea","category-proxy-network","category-russia","category-threats","tag-china","tag-cybercrime","tag-cybersecurity","tag-google","tag-google-threat-intelligence-group","tag-ipidea","tag-iran","tag-lumen-technologies","tag-north-korea","tag-proxy-network","tag-russia","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google\/\" rel=\"category tag\">Google<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google-threat-intelligence-group\/\" rel=\"category tag\">Google Threat Intelligence Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ipidea\/\" rel=\"category tag\">IPIDEA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/iran\/\" rel=\"category tag\">Iran<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/lumen-technologies\/\" rel=\"category tag\">Lumen Technologies<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/north-korea\/\" rel=\"category tag\">North Korea<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/proxy-network\/\" rel=\"category tag\">proxy network<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8315","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8315"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8315\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8315"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8315,"date":"2026-01-30T09:37:32","date_gmt":"2026-01-30T15:37:32","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87629"},"modified":"2026-01-30T09:37:32","modified_gmt":"2026-01-30T15:37:32","slug":"googles-disruption-rips-millions-out-of-devices-out-of-malicious-network","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/01\/30\/googles-disruption-rips-millions-out-of-devices-out-of-malicious-network\/","title":{"rendered":"Google\u2019s disruption rips millions out of devices out of malicious network"},"content":{"rendered":"