The FBI has officially taken down the culprit behind "the world's largest botnet," a scheme that infected more than 19 million devices through VPN exploitation. This scheme allowed cybercriminals to commit various crimes while still hiding their identities.
According to reports, YunHe Wang, 35, a Chinese national who was also a St. Kitts and Nevis resident, developed and ran the botnet system known as "911 S5". Wang was apprehended on May 24.
According to the federal government, Wang used malware to infect millions of Windows personal computers worldwide, creating a network with over 19 million unique IP addresses. He is charged with developing the method that made it possible for criminals to commit crimes while masking their identities.
Botnet 911 S5
According to the DOJ, he accomplished this by developing and spreading a botnet called 911 S5, which he used to infiltrate and assemble a global network of millions of home Windows PCs between 2014 and July 2022. Over 19 million distinct IP addresses were linked to these devices, with 613,841 being found in the United States.
According to the Department of Justice, Wang made about $99 million between 2018 and July 2022 by selling access to the hijacked, proxied IP addresses through his 911 S5 enterprise.
He was paid in both fiat money and cryptocurrencies for these sales. Wang purchased real estate in China, Singapore, the US, the United Arab Emirates, Thailand, and St. Kitts & Nevis with this money.
FBI's Latest Cybercriminal Takedowns
The FBI's latest crackdown shows that the agency is keeping up its operations against cybercriminals. This February, in a concerted international effort, US and UK authorities took down the notorious cybercrime gang LockBit, known for ransomware attacks that lock users out of their computer systems until a ransom is paid.
The agencies acknowledged their role in disrupting the LockBit gang's activities, but they also made it clear at the time that the mission was still "developing," suggesting a deliberate attempt to dismantle the criminal organization.
LockBit, a gang well-known for its extensive ransomware attacks that target organizations across many industries, appears to have compromised some of the largest businesses in the world in recent months.
US officials have characterized it as one of the most dangerous ransomware threats globally. It has infected more than 1,700 US companies, including those in the banking, insurance, education, transportation, and government sectors.
The gang's method of operation includes stealing confidential information from its targets and demanding substantial payments under the threat of making the stolen data publicly available. LockBit is an advanced cybercrime organization that recruits affiliates to use its digital extortion tools in attacks.