Sunday, July 5, 2026
NewsezeNews with Rewards · Earn while you read
+5 credits / query
cyber

NetNut proxy network disrupted, 2 million infected devices cut off - BleepingComputer

Newseze Wire·Fri, Jul 3, 5:50 PMWire: BleepingComputer via Google News
Open original source Read full story (in-site)
NetNut proxy network disrupted, 2 million infected devices cut off - BleepingComputer

NetNut proxy network disrupted, 2 million infected devices cut off    BleepingComputer

Sourcing & attribution. Newseze provides AI-curated summaries, narrative framing, and editorial analysis. The underlying reporting was contributed by BleepingComputer via Google News; tap “Open original source” above to read their full reporting and support the contributing newsroom directly.

Newseze Analysis414 words · original commentary
# NetNut Proxy Disruption Cuts Off 2 Million Compromised Devices from Cybercriminal Network Law enforcement and cybersecurity partners have successfully disrupted NetNut, a residential proxy network that had compromised approximately 2 million devices worldwide. The action represents a significant intervention against infrastructure commonly exploited for credential theft, fraud, and unauthorized access to online services. Residential proxies route traffic through legitimate home computers and smartphones, making malicious activity harder to detect than attacks originating from obvious data centers. The NetNut disruption illustrates how modern cybercrimes depend on distributed networks of compromised machines rather than sophisticated zero-day exploits. Most infected devices were likely enrolled without their owners' knowledge—either through drive-by downloads, credential harvesting, or bundled software installations. Users typically experienced sluggish performance, unexpected data usage, or battery drain without understanding their machine's role in facilitating fraud. The scale of the operation underscores a persistent vulnerability: while individuals install security software, many devices lack continuous monitoring or automatic remediation once compromised. NetNut's operators profited by renting access to this botnet to customers seeking to hide their origin point—valuable for account takeovers, price scraping, and bypassing geographic restrictions. The takedown disrupts that revenue model and, critically, cuts attackers off from infrastructure they depend on for downstream crimes. What makes this intervention noteworthy is the coordination required. Disrupting a proxy network demands not only identifying the infrastructure but also obtaining legal authority to seize or disable it, coordinating across jurisdictions, and timing the action to maximize impact before operators migrate to backup systems. The 2 million device figure suggests law enforcement possessed comprehensive visibility into the network's scope—a capability that requires either court-authorized access to upstream infrastructure or cooperation from internet service providers and hosting providers. The evidence quality here is strong: operational disruptions leave quantifiable traces. Researchers can measure the sudden unavailability of proxy endpoints, confirm device disconnections in their logs, and verify that new traffic no longer flows through the network. This differs from theoretical analyses of emerging threats and represents a concrete, measurable outcome. **Worth knowing:** While this disruption removes one proxy service, the underlying vulnerability—millions of poorly-secured or unmonitored devices—remains. Cybercriminals will likely reconstitute similar networks or migrate to alternatives. The real protection lies in device hygiene: regular patching, strong passwords, enabling multi-factor authentication, and running current security software. Users concerned whether their device was part of NetNut should check for unexpected system slowdowns and review installed software for unfamiliar applications. The disruption is a victory in containment, not elimination, of the threat. Reporting: BleepingComputer.
Ask Us · Any Story, Any AnswerBe the first to ask

Newseze's algorithm reads the story and answers your question — calmly, factually, with source attribution. No comments, no flame wars — just answers.

No questions yet. Be the first.

Answers reflect Newseze's editorial framework applied under fair use (17 U.S.C. § 107). Not financial, legal, medical, or tax advice. Hate speech and racial slurs are blocked.

Related stories

IBM Deploys 20,000 Engineers to Secure Open-Source Code After Anthropic Flags Critical Vulnerability Gaps
CYBERtrust 83
IBM Deploys 20,000 Engineers to Secure Open-Source Code After Anthropic Flags Critical Vulnerability Gaps

Why it mattersA $5 billion commitment to systemic open-source bug remediation signals industry recognition that unpatched vulnerabilities in widely-used libraries pose real risk to enterprise security and supply-chain integrity.

IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic's Mythos findings ignite debate over how to secure the open-source sof…

MarcusBy Marcus·2d ago
WireDark Reading
Full Analysis Comment PostRead →
U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case
CYBERtrust 80
U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

Why it mattersA U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail th…

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, bu…

ChellaBy Chella·14h ago
WireThe Hacker News
Full Analysis Comment PostRead →
Google and FBI Shut Down NetNut Proxy Network Exploiting Millions of Infected Devices
CYBERtrust 86
Google and FBI Shut Down NetNut Proxy Network Exploiting Millions of Infected Devices

Why it mattersLaw enforcement successfully dismantled a major cyber-abuse infrastructure used to mask criminal activity and compromise user privacy at massive scale, demonstrating coordinated ability to track and disrupt sophisticated…

Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices    SecurityWeek

MarcusBy Marcus·1d ago
WireSecurityWeek via Google News
Full Analysis Comment PostRead →
North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
CYBERtrust 75
North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

Why it mattersThe North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as part of an ongoing…

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning…

ChellaBy Chella·16h ago
WireThe Hacker News
Full Analysis Comment PostRead →