Dutch authorities disrupted a large-scale botnet comprising at least 17 million infected devices, which was controlled via over 200 seized servers in the Netherlands. The botnet, reportedly linked to the Asocks proxy service, was used for criminal activities like DDoS attacks and traffic proxying by compromising devices without their owners' knowledge. To protect against such infections, IT professionals should change default credentials on network devices, apply the latest firmware updates, and disable unnecessary remote administration panels.
Dutch govt disrupts malware botnet with 17 million infected devices By Bill Toulas May 29, 2026 10:26 AM 0 Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. The action was carried out following an investigation from the Police in collaboration with the country's cybersecurity agency, the National Cyber ​​Security Centre (NCSC). According to the authorities, the seized servers controlled "computers, tablets, and smartphones to carry out cyberattacks." Botnets are networks of compromised devices used for illegal activities such as distributed denial-of-service (DDoS) attacks, malicious traffic proxying, or cryptocurrency mining. “The investigation revealed that the botnet consisted of at least 17 million infected devices and that the 200 servers used to host the infrastructure were located in the Netherlands,” the NCSC said . “ The police subsequently seized several botnet servers from a hosting provider for investigation purposes. The hosting provider took the botnet offline because it was being used for criminal activities.” Although the authorities did not name the botnet, local media reported that it was linked to a service called Asocks, which advertises itself as a “universal proxy service” with 7 million IP addresses, 150 locations, and 100,000 clients. The platform offers corporate, residential, and mobile proxies for monthly subscriptions between $5 and $15, with discounts for bulk purchases. Although such services often comprise IPs that voluntarily donate bandwidth by using a specialized client in exchange for a fee, NCSC’s action indicates that the owners of the devices that were part of the botnet did not knowingly participate in supporting cybercrime operations. BleepingComputer has contacted Asocks with a request for a comment on the allegations, but we have not received a response by publication time. To protect networking devices from botnet infections, ensure the default credentials have been changed to something unique and strong, the latest firmware update has been applied, and remote administration panels are disabled when not needed. The Validation Gap: Automated Pentesting Answers One Question. You Need Six. Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold. This guide covers the 6 surfaces you actually need to validate. Download Now Related Articles: The Gentlemen ransomware now uses SystemBC for bot-powered attacks Netherlands seizes 800 servers of hosting firm enabling cyberattacks Russian hackers turn Kazuar backdoor into modular P2P botnet TrickMo Android banker adopts TON blockchain for covert comms GreyVibe hackers use ChatGPT, Gemini to power cyberattacks