Authorities seize over 200 Netherlands servers tied to a commercial proxy network used for cyberattacks via compromised computers smartphones/IoT devices.

On 31 May 2026, Dutch authorities announced the takedown of a botnet that had enslaved 17m infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks.

The bot network, per the Dutch Politie and the National Cyber Security Center (NCSC), consisted of not only infected devices, but more than 200 servers located in the Netherlands that have acted as the platform’s backend infrastructure.

According to a statement issued by the NCSC, police officials seized a subset of these servers from a hosting provider that provided the infrastructure. The provider is said to have subsequently taken the botnet offline following its use for criminal purposes.

Although the name of the botnet was not explicitly mentioned, local news outlet NL Times reported that the service in question was Asocks, a company that offers residential proxies. In April 2024, researchers had already noted malware infecting Android devices with proxyware from LumiApps and Asocks. Per details shared on the latter firm’s website, the platform advertises corporate, residential, and mobile proxies for monthly subscriptions between US$5 and US$15.

Residential proxies have legitimate uses and privacy benefits, including to access geographically-restricted web resources. However, the ecosystem hosts many providers catering to bad actors that purchase access to compromised devices enrolled in these networks to route malicious traffic and carry out cyberattacks. “Devices can become part of a botnet when they are accessible to malicious actors,” according to the NCSC. After gaining access, attackers can install malware that allows the device to be controlled remotely. This enables the device to become part of a network used for cybercriminal activities.

To counter the threat posed by botnet malware, the public is advised to keep their IoT and network device operating systems up-to-date; maintain visibility of edge devices such as routers; and follow network security best practices.