Dutch government disrupts massive malware botnet linked to 17 million personal devices

Dutch authorities have dismantled a large-scale malware botnet believed to have infected more than 17 million devices worldwide, in what investigators describe as one of the biggest cybercrime infrastructure takedowns in recent years.

The operation targeted a network of over 200 servers hosted in the Netherlands that were allegedly used to manage infected devices and route malicious internet traffic across the globe.

Unsuspecting victims

According to investigators, the botnet was connected to a proxy service known as “Asocks,” a platform accused of selling access to compromised residential internet connections. Cybercriminals reportedly used the service to hide their identities while carrying out phishing attacks, spam campaigns, credential theft, and distributed denial-of-service (DDoS) attacks.

Rather than relying on traditional data center infrastructure, the network allegedly turned ordinary consumer devices into proxy nodes. Infected routers, smartphones, laptops, and IoT devices unknowingly became part of a global cybercrime operation.

Security experts warn that botnets of this scale are increasingly difficult to detect because infected devices often continue functioning normally while secretly processing malicious traffic in the background.

A sweeping clampdown

The disruption of the Asocks infrastructure lands amidst a broader, highly aggressive offensive by Dutch law enforcement against illicit digital hosting frameworks. Parallel to the botnet takedown, Dutch police announced the arrests of two men, aged 57 and 39, in Amsterdam and The Hague.

The individuals allegedly operated "bulletproof" web hosting firms that actively bypassed international sanctions to facilitate Russian state-sponsored cyberattacks against European Union infrastructure. During those raids, authorities searched corporate offices in Enschede and Almere, ultimately confiscating an additional 800 servers across data centers in Dronten and Schiphol-Rijk.

By pulling 17 million compromised nodes offline and stripping criminal actors of a massive, high-reputation traffic anonymizer, the Dutch government has delivered a substantial operational setback to global automated threat networks.

As investigations continue, users are being urged to update device firmware, change default passwords, enable multi-factor authentication, and monitor unusual network activity across home and business networks.