THE FBI TOPPLES ANOTHER CYBER GANG
The FBI and private-sector partners have disrupted NetNut, one of the world’s biggest and most popular residential proxy networks, which has been tied to routing and disguising online attacks and other malicious activity.
Malicious residential proxies pressed consumer devices into service and sold criminal subscribers the ability to route their traffic through these IP addresses, making them function as exit nodes. By routing traffic through an array of consumer devices all over the world, attackers can mask their malicious activity. This complicates network defenders’ ability to detect and block malicious activities.”NetNut secretly hijacked over 2 million home devices like smart TVs and routers, allowing attackers to hide behind innocent users’ IP addresses. To put the scale of this threat into perspective, in a single week during June 2026, our team at GTIG observed 316 distinct threat clusters using suspected NetNut exit nodes, including cybercriminal and espionage groups“, said Austin Larsen, principal threat analyst at Google Threat Intelligence Group, in a blog post.”Cybercriminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the user’s purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process,” the FBI said in a March 2025 alert. In some cases, attackers trick users into installing software “in exchange for unused bandwidth or sharing your internet”, Google added.
AND ALSO A CYBER CRIMINAL IN SPAIN WITH THE NATIONAL POLICE
A Spanish man arrested in March on suspicion of cybercrime has been identified as a close associate of several pro-Russia hacktivist groups, Spanish police said. Acting on a tip from the U.S. Federal Bureau of Investigation, Spanish National Police took the suspect into custody from his home in the city of Palencia for allegedly partnering with Cyber Army of Russia Reborn. Investigators later determined he had also worked with Z-Pentest, an offshoot of Cyber Army of Russia Reborn, and may have carried out attacks by NoName057(16).
“Politically motivated hacktivist groups, whether state-sponsored like CARR or state-sanctioned like NoName, pose a serious threat to our national security, particularly when foreign intelligence services use civilians to obfuscate their malicious cyber activity targeting American critical infrastructure as well as attacking proponents of NATO and U.S. interests abroad,” said federal prosecutor Bill Essayli following last year’s indictment of an alleged co-conspirator of the groups. The crackdown is part of the FBI’s Operation Red Circus, which aims to disrupt Russian state-sponsored groups and their “opportunistic attacks against critical infrastructure, including the water, agriculture and energy sectors,” the FBI said Monday on social media.
(Tribute to DATA BREACH TODAY)

