Dutch Police and NCSC dismantle 17-million-device botnet running on 200 servers seized from local hosting provider

On May 28, 2026, the Dutch National Police and the National Cyber Security Center announced they had taken down a large-scale botnet that had compromised roughly 17 million devices globally – computers, smartphones, and tablets – all funneled through approximately 200 servers physically hosted inside the Netherlands. The operation started with a tip from an independent security researcher who flagged the anomalous infrastructure to the NCSC. That led to a full forensic investigation before law enforcement moved in and seized servers directly from a local hosting provider. The provider subsequently pulled the remaining infrastructure permanently once the criminal use was confirmed. Some reporting points to the Asocks network as the likely target – a residential proxy service that essentially monetized compromised consumer devices as exit nodes. The NCSC published prevention guidance alongside the announcement, covering the usual fundamentals: patch operating systems and edge devices promptly, enforce MFA, replace default credentials, use WPA2/WPA3 on wireless networks, and maintain full visibility over devices on your perimeter. This follows a broader pattern of coordinated takedowns this year. Operation Lightning dismantled SocksEscort in March, which ran on hijacked SOHO routers via the AVRecon botnet. Around the same period, Aisuru, KimWolf, JackSkid, and Mossad proxy networks were also taken offline, and the IPIDEA proxy network was disrupted in January. submitted by /u/technadu [link] [comments]Technical Information Security Content & DiscussionRead More