A malware botnet called IPStorm, which used thousands of compromised devices across various platforms to provide proxy services to malicious actors, was taken down by the FBI earlier this year. The developer and operator of the botnet, Sergei Makinin, a Russian-Moldovan national, was arrested in Puerto Rico and pleaded guilty to three counts of computer fraud. He admitted that he made at least $550,000 from selling the proxy services through his websites, proxx.io and proxx.net, and agreed to forfeit his cryptocurrency wallets. He now faces up to 10 years in prison.
IPStorm was first discovered in May 2019 by Anomali researchers, who found that it used a peer-to-peer protocol called InterPlanetary File System (IPFS) to communicate with infected devices and hide malicious traffic. The botnet initially targeted Windows systems, but later expanded to infect Android, Linux, and Mac devices as well. It spread by scanning the internet for devices that had exposed ports or weak SSH credentials.
The victims of IPStorm not only had their network bandwidth hijacked by cybercriminals, but also risked receiving more dangerous payloads at any time. The FBI, along with other law enforcement agencies and private sector partners, dismantled the IPStorm botnet and its infrastructure, but did not extend the operation to the victim computers, which may still be infected and vulnerable to further attacks.
Sergei Makinin was arrested in Puerto Rico on September 18, 2023. He was then transferred to the Florida Southern District Court, where he pleaded guilty on November 15, 2023.
Arrest reference: USA v. Makinin (1:23-mj-02152), Florida Southern District Court. https://www.pacermonitor.com/public/case/47660807/USA_v_Makinin.