One Sock Fits All: The use and abuse of the NSOCKS botnet

SUMMARY :

The ngioweb botnet serves as the foundation for the NSOCKS criminal proxy service, maintaining over 35,000 bots daily across 180 countries. The botnet primarily targets SOHO routers and IoT devices, with two-thirds of proxies based in the U.S. NSOCKS utilizes over 180 'backconnect' C2 nodes to obscure users' identities. The infrastructure enables various threat actors to create their own services and launch DDoS attacks. The botnet employs multiple exploits, targeting vulnerable devices and evading common security solutions. NSOCKS is notorious among criminal forums and has been used by groups like Muddled Libra. The service allows users to purchase proxies with cryptocurrency, offering features such as domain filtering for targeted use. The open nature of NSOCKS has led to its abuse by other actors, including DDoS attackers and other proxy services like Shopsocks5 and VN5Socks.

OPENCTI LABELS :

botnet,cybercrime,ddos,ngioweb,nsocks,proxy service,soho routers,shopsocks5,iot devices,vn5socks


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


One Sock Fits All: The use and abuse of the NSOCKS botnet