An international law enforcement operation has disrupted SocksEscort, a malicious proxy service accused of helping cybercriminals conceal their identities while carrying out attacks and fraud online.

Authorities said the network exploited weaknesses in residential routers and Internet of Things devices, turning them into tools for criminal activity on a global scale. Investigators identified more than 369,000 compromised devices across 163 countries.
The infected devices were allegedly used to provide proxy access for a range of offences, including ransomware attacks, distributed denial-of-service attacks, financial fraud and the circulation of illegal content. By routing internet traffic through hacked consumer devices, the service allowed criminals to mask their real locations and make their activities harder to trace.
During the coordinated action, law enforcement agencies took down 34 domains and 23 servers linked to the network. Officials also froze 3.5 million dollars in cryptocurrency and disconnected infected devices from the service, significantly weakening the infrastructure behind the operation.
United States authorities said the service had been active for several years and had offered access to hundreds of thousands of IP addresses since 2020. Investigators added that, as recently as February 2026, thousands of infected routers were still being advertised for use, including a large number in the United States.
Officials said the compromised devices were used to support cyberattacks and fraud schemes that caused major financial losses. The service has also been linked to malware activity targeting small office and home office routers, underlining the growing security risks facing poorly protected internet-connected devices.
The operation brought together law enforcement and judicial authorities from several countries, with support from international agencies and private sector cybersecurity researchers. Officials described the takedown as a major step in efforts to disrupt the criminal services that make cyberattacks easier to launch and harder to detect.


