Dutch Government Takes Down 17‑Million‑Device Botnet Linked to Asocks Proxy Service
What Happened — Dutch police, in partnership with the National Cyber Security Centre (NCSC), seized more than 200 servers from a local hosting provider and forced offline a botnet that had compromised at least 17 million computers, tablets, and smartphones. The botnet was used for DDoS attacks, malicious traffic proxying, and cryptocurrency mining and is believed to be tied to the “Asocks” universal proxy service.
Why It Matters for TPRM —
- Large‑scale botnets often leverage third‑party proxy or hosting services, exposing downstream customers to indirect abuse.
- Compromised endpoints can become a launchpad for attacks against your organization’s network, even if you never directly purchase the malicious service.
- The incident highlights the need for rigorous vendor due‑diligence on any service that provides IP‑address or proxy resources.
Who Is Affected — Cloud‑based proxy providers, hosting companies, enterprises that rely on third‑party proxy or VPN services, and any organization with unmanaged IoT or mobile devices that may be recruited into botnets.
Recommended Actions —
- Review contracts and security questionnaires for any proxy, VPN, or “universal proxy” vendors.
- Verify that vendors enforce strong authentication, regular firmware updates, and disable default credentials on all supplied hardware.
- Implement network‑level monitoring for abnormal outbound traffic patterns indicative of botnet activity.
Technical Notes — The botnet was built through malware infections that exploited default credentials and outdated firmware on a wide variety of devices. No specific CVE was cited. The operation relied on a distributed infrastructure of >200 servers hosted in the Netherlands. Source: BleepingComputer