Massive Botnet Dismantled and Administrator Arrested in 911 S5 Case, FBI Reports
The FBI dismantled the 911 S5 botnet, which infected over 19 million IPs. Administrator YunHe Wang, facing up to 65 years, earned $99 million from malware and proxy services. Authorities seized 23 domains and 70 servers.
The FBI, in collaboration with international partners, has successfully dismantled a major botnet that infected over 19 million IP addresses across 200 countries, concealing various cybercrimes for years.
The alleged mastermind of the 911 S5 botnet, YunHe Wang, a Chinese national, was arrested on 24 May and could face up to 65 years in jail, according to the DOJ.
Authorities also flagged Wang, several associates and three Thai companies for their role in the botnet.
Starting in 2014, Wang is accused of using his own malware to hack into more than 600,000 Windows operating systems around the world, including 600,000 different IP addresses in the United States alone.
Prosecutors claim he was paid around $99 million by subscribers for use of the residential proxy service, which would let end users ‘browse the internet using the IP address of a computer owned by an innocent person’ in an effort to hide their own activity.
Wang is charged with counts of computer fraud, wire fraud, and money laundering.
“This Justice Department-led operation was comprised of law enforcement partners around the globe that disabled 911 S5, a botnet that aided cyber‑attacks, wholesale fraud, child exploitation, harassment, bomb threats and exports violations,” the Attorney General Merrick B Garland said.
Prosecutors later reported that the service had defrauded the government of $5.9 billion in relief funds from federal pandemic programmes.
According to court documents, Wang allegedly spread his malware through VPN programmes (such as MaskVPN and DewVPN, which he also ran as a torrent distribution model), as well as through pay-per-install services (which bundled his malware content into separate program files, including pirated versions of licensed software or material protected by copyright).
Wang hosted and leveraged approximately 150 dedicated servers worldwide (of which he leased a maximum of 76 from online service providers in the United States) to deploy and manage the applications, command and control the infected devices, operate his 911 S5 service and offer paying customers use of proxied IP addresses from the infected devices.
Authorities raided the present incarnation of a now-defunct residential proxy service that shuttered in August 2022, capturing 23 domains and more than 70 servers.
These servers acted as the ‘backbone’ of the former initiative and the current one, the DOJ said.
‘The seizure of numerous domains associated with the historic 911 S5, in addition to several new domains and services associated with a recreation of the service, has stopped Wang’s attempts to further abuse his victims through a reconstituted service called Clourouter.io and closed the open backdoors he exploited when he was shut down earlier,’ the DOJ said.
Investigators say Wang used money from that service to buy properties in the US, China, Singapore, Thailand, the United Arab Emirates and St Kitts and Nevis, where he is a citizen.
Among the luxury cars scheduled to be seized are a Ferrari F8, several BMWs and a Rolls Royce. His 21 properties are also in jeopardy.
The investigation into 911 S5 surfaced due to an investigation into more than 2,000 orders made with stolen credit cards by fraudsters operating on ShopMyExchange, an e-commerce site affiliated with the Army and Air Force Exchange Service.
The Ghanaian and US-based fraudsters apparently obtained IP addresses from 911 S5.
The FBI and DOJ have taken down several botnets this year linked to nation-state hacking operations.
In January, they announced the dismantling of a botnet of infected home routers – part of the China-linked APT group Volt Typhoon – and, in February, the dismantling of a version of this botnet network, this time used by Russia’s GRU-linked APT28 group.