NCSC and Dutch police disrupt global botnet controlled via Netherlands-based servers

The Cybercrime Team of the Police Unit The Hague, together with the National Cyber Security Centre (NCSC), says it has successfully dismantled a large Asocks botnet and taken it offline.

The botnet was made up of at least 17 million compromised consumer devices around the world, including computers, routers, tablets, smartphones, and internet-connected devices such as smart security cameras.

Investigators identified 200 servers used to run the infrastructure, all of which were physically based in the Netherlands.

The Asocks network operated as a “residential proxy service,” in which cybercriminals covertly infected poorly protected consumer devices with malware. These compromised devices were then used to route internet traffic and launch large-scale cyberattacks, all without the knowledge of their rightful owners.

The case was triggered by a report from a security researcher to the NCSC, which quickly passed the information on to the police. This led to a joint investigation by both agencies. During the operation, the Police Unit The Hague confiscated several servers from a Dutch hosting provider for forensic examination, while the provider itself shut down the malicious infrastructure once its criminal use was confirmed.

As consumer devices and routers are frequently targeted by proxy botnets, the police and the NCSC advise users to change default passwords right away, ensure their Wi-Fi is secured with WPA2 or WPA3, and install software updates as soon as they become available.