Dutch law enforcement and the NCSC dismantled a 17-million-device botnet, reportedly the Asocks residential proxy service, which compromised computers, tablets, and smartphones by hijacking them via approximately 200 command servers. The NCSC advises keeping all operating systems, routers, and applications updated and maintaining full visibility of edge devices to prevent such botnet integration.
A 17-million-device botnet network that hosted its infrastructure on 200 servers located in the Netherlands was recently dismantled. On May 28, 2026, the Police and the National Cyber Security Center (NCSC) announced the joint operation that successfully took the unnamed botnet offline. It was initially discovered by a security researcher, who reported the anomaly to the NCSC, which subsequently informed the Police to initiate a comprehensive forensic investigation. The joint investigation revealed that the threat actors controlled this massive compromised architecture, which included computers, tablets, and smartphones, using approximately 200 infrastructure servers physically located within the Netherlands. During the operation, the Police seized severalbotnetservers from a local hosting provider for ongoing investigation purposes.According tothe NCSC, the hosting provider permanently took the botnet offline following the seizure because the infrastructure was actively being used for criminal activities. Somereports suggestthe law enforcement operation targeted the Asocks network, which operated as a “residential proxy service.” To secure hardware against botnet integration, the NCSC issued explicit prevention guidance. Users and network administrators must keep operating systems, routers, and apps up to date. It is critical to maintain full visibility of all edge devices operating on the network. The NCSC advises users to: In March, an international law enforcement initiative dubbed Operation Lightningdismantled the SocksEscort proxy network, which operated by hijacking small-office and home-office (SOHO) routers utilizing the AVRecon botnet. Around the same time,Aisuru, KimWolf, JackSkid, and Mossadwere also taken down, andAsus routers were hijacked by the KadNap botnetto serve as malicious proxies. In January, theIPIDEA proxy network was disrupted. Get expert insights on threats, breaches, scams, and security trends — delivered every Monday. Get expert insights on threats, breaches, scams, and security trends — delivered every Monday. Get expert insights on threats, breaches, scams, and security trends — delivered every Monday. Please enter a valid email address. TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world. © 2026 TechNadu. All Rights Reserved. TechNadu is a part ofLeaprove Media LLP. This website uses cookies to ensure you get the best experience on our website.