U.S. Takes Down IPStorm Botnet, Russian-Moldovan Mastermind Pleads Guilty

admin, November 16, 2023, 14:37:59

The U.S. government on Tuesday announced the takedown of the IPStorm botnet proxy network and its infrastructure, as the Russian and Moldovan national behind the operation pleaded guilty.

"The botnet infrastructure had infected Windows systems then further expanded to infect Linux, Mac, and Android devices, victimizing computers and other electronic devices around the world, including in Asia, Europe, North America and South America," the Department of Justice (DoJ) said in a press statement.

Sergei Makinin, who developed and deployed the malicious software to infiltrate thousands of internet-connected devices from June 2019 through December 2022, faces a maximum of 30 years in prison.

The Golang-based botnet malware, prior to its dismantling, turned the infected devices into proxies as part of a for-profit scheme, which was then offered to other customers via proxx[.]io and proxx[.]net.

"IPStorm is a botnet that abuses a legitimate peer-to-peer (p2p) network called InterPlanetary File System (IPFS) as a means to obscure malicious traffic," cybersecurity firm Intezer noted in October 2020.

The botnet was first documented by Anomali in May 2019, and, over the years, broadened its focus to target other operating systems such as Linux, macOS, and Android.

Threat actors who wish to hide their malicious activities could purchase illegitimate access to more than 23,000 bots for "hundreds of dollars a month" to route their traffic. Makinin is estimated to have netted at least $550,000 from the scheme.

Pursuant to the plea agreement, Makinin is expected to forfeit cryptocurrency wallets linked to the offense.

"The Interplanetary Storm botnet was complex and used to power various cybercriminal activities by renting it as a proxy as a service system over infected IoT devices," Alexandru Catalin Cosoi, senior director of investigation and forensics unit at Bitdefender, said in a statement shared with The Hacker News.

"Our initial research back in 2020 uncovered valuable clues to the culprit behind its operation, and we are extremely pleased it helped lead to arrests. This investigation is another primary example of law enforcement and the private cybersecurity sector working together to shut down illegal online activities and bring those responsible to justice."

Originally published on the WeChat official account 知机安全: U.S. Takes Down IPStorm Botnet, Russian-Moldovan Mastermind Pleads Guilty

Posted by admin on November 16, 2023, 14:37:59. When reposting, please keep this article's link (CN-SEC中文网; thanks to the original author for their hard work): http://cn-sec.com/archives/2210436.html