Google on Wednesday announced that it worked together with other partners to disrupt IPIDEA, which it described as one of the largest residential proxy networks in the world.
To that end, the company said it took legal action to take down dozens of domains used to control devices and proxy traffic through them. As of writing, IPIDEA’s website (“www.ipidea.io”) is no longer accessible. It advertised itself as the “world’s leading provider of IP proxy” with more than 6.1 million daily updated IP addresses and 69,000 daily new IP addresses.
“Residential proxy networks have become a pervasive tool for everything from high-end espionage to massive criminal schemes,” John Hultquist, Google Threat Intelligence Group’s (GTIG) chief analyst, said in a statement shared with The Hacker News.
“By routing traffic through a person’s home internet connection, attackers can hide in plain sight while infiltrating corporate environments. By taking down the infrastructure used to run the IPIDEA network, we have effectively pulled the rug out from under a global marketplace that was selling access to millions of hijacked consumer devices.”
Google said that, as recently as this month, IPIDEA’s proxy infrastructure has been leveraged by more than 550 individual threat groups with varying motivations, such as cybercrime, espionage, advanced persistent threat (APTs), information operations, from across the world, including China, North Korea, Iran, and Russia. These activities ranged from access to victim SaaS environments, on-premises infrastructure, and password spray attacks.
In an analysis published earlier this month, Synthient revealed that the threat actors behind the AISURU/Kimwolf botnet were abusing security flaws in residential proxy services like IPIDEA to relay malicious commands to susceptible Internet of Things (IoT) devices behind a firewall within local networks to propagate the malware.
The malware that turns consumer devices into proxy endpoints is stealthily bundled within apps and games pre-installed on off-brand Android TV streaming boxes. This forces the infected device to relay malicious traffic and participate in distributed denial-of-service (DDoS) attacks.
IPIDEA is also said to have released standalone apps, marketed directly to people looking to make “easy cash” by blatantly advertising they’ll pay consumers to install the app and allow it to use their “unused bandwidth.”
While residential proxy networks offer the ability to route traffic through IP addresses owned by internet service providers (ISPs), this can also provide the perfect cover for bad actors looking to mask the origin of their malicious activity.
“To do this, residential proxy network operators need code running on consumer devices to enroll them into the network as exit nodes,” GTIG explained. “These devices are either pre-loaded with proxy software or are joined to the proxy network when users unknowingly download trojanized applications with embedded proxy code….
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
