Dutch police seized a bulletproof hosting service in a major takedown. The infrastructure was used by tens of IoT botnets involved in DDoS attacks.
A joint operation by the Netherlands’ National Criminal Investigation Department and National Cyber Security Center tracked down and seized five servers that made up a bulletproof hosting service used by the cybercrime underground.
The servers were hosted at an unnamed data center in Amsterdam and were used by tens of IoT botnets involved in DDoS attacks worldwide. The bulletproof hosting service was used to host malware and the command-and-control systems of several DDoS botnets.
“Middelburg, Veendam, Amsterdam, Driebergen – The police have taken five servers offline that were used to control a version of a so-called botnet,” reads the press release published by the Dutch police. “The hardware was seized and the business operations stopped. A 24-year-old man from Veendam and a 28-year-old man from Middelburg were arrested on Tuesday evening. They are suspected of, among other things, computer breach and the spread of malware.”
Authorities revealed that they have received more than three thousand reports of malware spread through the bulletproof hosting service over a period of one year.
The authorities also arrested two Dutch nationals who had been running a Mirai botnet from the servers of the KV Solutions BV (hereinafter KV) bulletproof hosting service.
In this case, the police say, the people controlling those servers were a pair of Dutch nationals who had been running a Mirai botnet with cover from the bulletproof host.
“The investigation also revealed that this botnet was very aggressively trying to infect other devices, up to over a million attempts per month on one device,” the translated police statement reads.
“Which DDoS attacks can be attributed to this botnet is part of the further investigation,” continues the statement.
Authorities are analyzing the seized servers, and the data they contain will likely lead to the arrests of other players in the cybercrime underground.