FBI Seizes NetNut Proxy Platform, Popa Botnet
Summary
The FBI, in collaboration with industry partners, has seized hundreds of domains belonging to NetNut, a large residential proxy service operated by the Israeli company Alarum Technologies. This action follows reports from security firms linking NetNut to the Popa botnet, which comprises at least two million compromised devices.
IFF Assessment
The seizure of a proxy service and its connection to a large botnet represents a setback for defenders as it may indicate sophisticated criminal operations.
Defender Context
This incident highlights the ongoing use of legitimate-looking infrastructure, like proxy services, by threat actors to facilitate malicious activities such as botnet operations. Defenders should be aware of how such services can be abused for command and control or to obfuscate the origin of attacks.