Google disrupts NetNut proxy network used in malware operations

Alphabet’s Google said on Thursday it weakened a network of Internet-connected devices being used to conceal and route malicious online traffic, acting against the NetNut residential proxy operator and the Popa botnet.

Google took action in partnership with the FBI and Lumen, among others.

The tech giant said it disabled accounts and services used in NetNut-related malware command-and-control operations and shared technical intelligence on the group’s infrastructure with law enforcement and industry partners to support broader enforcement efforts.

Residential proxy networks route Internet traffic through consumer IP addresses, masking its origin and bypassing security defenses, a feature that, while having legitimate uses, is frequently exploited for cybercrime.

“We believe our coordinated actions have caused significant degradation to NetNut’s proxy network and its business operations, reducing the available pool of devices for the proxy operator by millions,” Google said in a blog post.

NetNut’s parent, Israel-based web data provider Alarum Technologies, was informed of the seizure of some of its domains by the FBI on Thursday, the company told Reuters.

“Alarum takes this matter seriously and will fully cooperate with law enforcement to ensure any misuse of its infrastructure is thoroughly investigated and those responsible are held to account.”

Separately, on the same day, Bloomberg News reported that the FBI has been examining potential links between NetNut and Popa for more than a year, citing documents seen and people familiar with the situation.

The investigation was one of several reviewed by officials from multiple federal law enforcement agencies during a Colorado meeting on proxy networks late last year, the report said.

The FBI did not immediately respond to a Reuters request for comment.
