HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Dutch Authorities Dismantle 17‑Million‑Device Botnet Linked to ASOCKS Residential Proxy Service

Dutch police and the NCSC seized 200+ servers, disabling a botnet of 17 million compromised devices used by the ASOCKS residential‑proxy service for DDoS, phishing, and web‑scraping. The takedown highlights a supply‑chain risk for organizations that rely on third‑party proxy services.

LiveThreat™ Intelligence · 📅 May 30, 2026· 📰 securityaffairs.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
4 recommended
📰
Source
securityaffairs.com

Dutch Authorities Dismantle 17‑Million‑Device Botnet Linked to ASOCKS Residential Proxy Service

What Happened – Dutch police, together with the National Cyber Security Centre (NCSC), seized more than 200 servers and took offline a botnet that had compromised at least 17 million consumer devices (PCs, tablets, smartphones). The infrastructure was tied to the residential‑proxy provider ASOCKS, which was being abused for DDoS, phishing, and large‑scale web‑scraping campaigns.

Why It Matters for TPRM

  • Residential‑proxy services can become a hidden supply‑chain risk, allowing attackers to mask malicious traffic behind legitimate‑looking IPs.
  • Compromised end‑user devices may be leveraged to launch attacks against your organization’s external‑facing assets.
  • The scale of the botnet demonstrates how weak device hygiene can translate into a global threat vector that impacts third‑party risk assessments.

Who Is Affected – All sectors that rely on internet‑exposed services, especially Finance Services, Retail/E‑Commerce, Technology SaaS, and any organization that outsources traffic routing through third‑party proxy or CDN providers.

Recommended Actions

  • Review any contracts or usage of residential‑proxy or anonymisation services.
  • Enforce strict endpoint hardening (patch management, MFA, strong passwords) for all employee‑owned devices.
  • Deploy outbound traffic monitoring to detect unusual proxy traffic patterns.
  • Incorporate proxy‑service vetting into your third‑party risk questionnaires.

Technical Notes – The botnet was built by infecting consumer devices with malware that routed traffic through ASOCKS’s proxy network. No specific CVE was cited; the infection vector relied on outdated software, weak passwords, and malicious Android apps. Data types exfiltrated were not disclosed, but the infrastructure supported DDoS, phishing, and large‑scale web‑scraping. Source: https://securityaffairs.com/192890/malware/botnet-of-17-million-devices-dismantled-in-the-netherlands.html

📰 Original Source
https://securityaffairs.com/192890/malware/botnet-of-17-million-devices-dismantled-in-the-netherlands.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Access is where most audits get tested.

Verisq AI Trust Operations maps incidents like this to your access controls and collects the evidence continuously, keeping your SOC 2 posture defensible.

See where you'd stand with Verisq AI Trust Operations →