CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?


Malware & Threats

US Announces IPStorm Botnet Takedown and Its Creator’s Guilty Plea

US government announces the takedown of the IPStorm proxy service botnet and the guilty plea of its creator, a Russian/Moldovan national.

Qlik Sense exploited by ransomware

The US government on Tuesday announced the takedown of the IPStorm botnet and the guilty plea of a man who created and operated the cybercrime service. 

According to the Justice Department, the FBI dismantled the infrastructure associated with the IPStorm malware, as well as the proxy network powered by the IPStorm botnet.

The malware was delivered to thousands of Windows, Linux, Mac and Android devices located all around the world, enabling cybercriminals to use the compromised devices for a proxy service. 

The proxy service, advertised on and, could be used by cybercriminals to hide their malicious online activities, with some customers paying hundreds of dollars every month to route their traffic through IPStorm-infected devices. The websites advertising the service claimed that it was powered by 23,000 proxies.

Sergei Makinin, a Russian and Moldovan national, has admitted creating and operating the botnet between June 2019 and December 2022, pleading guilty in September to three counts of transmitting a program that intentionally caused damage to protected computers.

Makinin faces up to 10 years in prison for each count and he has agreed to forfeit the cryptocurrency he earned as a result of his illegal activities. The man told investigators that he obtained at least $550,000 from the scheme.

It seems that the FBI took down the botnet infrastructure, but it did not attempt to identify impacted users or perform a cleanup of compromised devices, as it did in the past

The IPStorm malware caught the attention of the cybersecurity community back in 2019 because it leveraged the InterPlanetary File System (IPFS) peer-to-peer network, which could make it more difficult to detect malicious traffic and disrupt the botnet.

Advertisement. Scroll to continue reading.

Related: Emotet Botnet Disrupted in Global Law Enforcement Operation

Related: Glupteba Botnet Still Active Despite Google’s Disruption Efforts

Related: US Charges Russian Oligarch, Dismantles Cybercrime Operation

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...