Itnews.Au
Google and FBI Disrupt NetNut Residential Proxy Network Linked to 2 Million Devices
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On July 2, 2026, Google, in coordination with the FBI and Lumen Technologies, announced the disruption of the NetNut residential proxy network, also known as Popa, which is estimated to have compromised at least 2 million devices globally. This operation involved disabling Google accounts and services associated with the botnet's command-and-control infrastructure. The disruption is part of an ongoing campaign to dismantle malicious proxy networks, following a similar action against the IPIDEA network in January 2026. The NetNut network was used for various cybercriminal activities, including password spraying and malware command-and-control operations. Google shared technical intelligence on NetNut's SDKs and backend infrastructure with law enforcement and industry partners to bolster enforcement efforts. The disruption is expected to have significant ripple effects across the residential proxy ecosystem, but the resilience of individual networks remains a concern. Many popular residential proxy brands are suspected of whitelabeling NetNut's services, complicating the impact of the takedown.
Key Points: • Google and FBI disrupted the NetNut proxy network, affecting at least 2 million devices. • The operation involved disabling accounts linked to malware command-and-control operations. • Many residential proxy brands may be tied to NetNut, complicating the disruption's effectiveness.