The U.S. Treasury Department has imposed sanctions on a cybercrime network involving three Chinese nationals and three Thai companies connected to the notorious “911 S5” residential proxy service. This proxy service, exposed by researchers from the Canadian University of Sherbrooke in June 2022, enticed users with free VPN offers, infecting their devices with malware to add them to the massive 911 S5 botnet.
Initially controlling 120,000 residential proxy nodes worldwide, the 911 S5 botnet suffered a setback after key operations were compromised, only to reemerge later as “CloudRouter.” The proxy service enabled cybercriminals to disguise their digital footprints by routing their internet traffic through compromised devices, making it appear as if the cybercrimes originated from victims’ computers.
The Treasury's Office of Foreign Assets Control (OFAC) revealed that the 911 S5 botnet compromised around 19 million IP addresses, allowing cybercriminals to exploit these infected devices for various fraudulent activities. These activities included submitting fraudulent applications for COVID-19 relief programs and making bomb threats across the United States, resulting in substantial financial losses and public safety concerns.
As a result of these sanctions, transactions involving the U.S. interests and properties of the designated individuals and entities are now prohibited. Under Secretary Brian E. Nelson emphasized the U.S. government’s commitment to disrupting cybercriminals and illicit actors who exploit technology for nefarious purposes, highlighting ongoing efforts to safeguard national security and economic interests.