Itnews.Au
Google and FBI Disrupt Massive NetNut Botnet Linked to 2 Million Devices
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On July 2, 2026, Google announced a significant disruption of the NetNut residential proxy botnet, which is linked to over 2 million compromised devices worldwide. This operation involved cutting off access to Google accounts and services used for command-and-control operations. The disruption was executed in collaboration with the FBI and Lumen Technologies, and it targeted 316 distinct threat clusters involved in cybercrime and espionage. The NetNut network, also known as Popa, has been used for various attacks, including password spraying. Google warned that many residential proxy brands might be associated with this operation, predicting widespread ripple effects across the malicious proxy ecosystem. The FBI also seized hundreds of domains associated with the NetNut service, enhancing the impact of the takedown. This coordinated action aims to degrade the operational capabilities of the botnet significantly.
Key Points: • Google and FBI disrupted the NetNut botnet, affecting over 2 million devices. • The operation targeted 316 threat clusters involved in cybercrime and espionage. • NetNut's proxy network was used for attacks like password spraying and is linked to multiple cybercriminal activities.