An international coalition of law enforcement agencies has dismantled a vast cybercriminal proxy network that enabled hackers to conceal their identities and carry out illegal online activities across the globe. The coordinated operation, announced by the European Union’s judicial cooperation agency Eurojust on March 13, marks one of the most significant efforts in recent years to disrupt digital infrastructure used by cybercriminal groups.
The large-scale operation involved authorities from eight countries and was supported by Europol, the European Union’s law enforcement agency. Investigators successfully shut down the hidden online service that operated the illicit proxy network, cutting off access for thousands of cybercriminal clients who relied on it to hide their digital footprints.
According to officials involved in the investigation, the network relied on malware that secretly infected hundreds of thousands of internet-connected devices. These devices primarily included home and office modems and routers, which are essential pieces of hardware that allow users to connect to the internet.
Authorities estimate that approximately 369,000 devices across 163 countries had been compromised. Once infected, the devices were silently integrated into the proxy network without the knowledge of their owners. This allowed the network’s operators to route internet traffic through these unsuspecting devices, effectively masking the true origin of online activity.
In practical terms, this meant that cybercriminals could appear to be operating from almost anywhere in the world. By routing their traffic through infected devices located in different countries, they could evade detection by investigators and bypass regional cybersecurity restrictions.
Experts say that such networks pose a major challenge for law enforcement because they obscure digital trails that are typically used to identify perpetrators. By constantly switching between thousands of compromised devices, criminals can make their activities extremely difficult to trace.
Investigators believe the proxy infrastructure functioned as a commercial service for cybercriminals. The network reportedly had around 124,000 customers, many of whom used it to conceal their identities while carrying out illegal online operations.
Proxy networks like this are often used for a wide range of cybercrime activities. These may include large-scale fraud campaigns, distributed denial-of-service (DDoS) attacks, credential stuffing, data theft, and the operation of illegal marketplaces. By masking their locations and identities, criminals can launch attacks while avoiding traditional cybersecurity defenses.
Authorities said customers paid for access to the network through a dedicated cryptocurrency payment platform, allowing them to remain anonymous while purchasing proxy services. The administrators of the system generated more than five million euros (approximately $5.76 million) in illegal revenue through these transactions.
The use of cryptocurrency added a further layer of complexity to the investigation, as digital currencies can make financial transactions more difficult to trace than those made through traditional banking systems. Nevertheless, investigators were able to follow the digital evidence and identify key elements of the operation.
The takedown was the result of an extensive investigation involving multiple international partners. Law enforcement agencies from several countries collaborated to track the infrastructure, identify compromised devices, and dismantle the network’s backend systems.
Eurojust played a key role in coordinating judicial cooperation between participating nations, ensuring that investigators could share evidence and execute legal actions simultaneously. Europol provided operational support, intelligence analysis, and cybersecurity expertise that helped investigators understand how the network functioned.
During the operation, authorities targeted servers and digital infrastructure used to operate the proxy network. By seizing or disabling these systems, they were able to shut down the hidden service and disrupt access for its users.
Officials said the coordinated nature of the action was essential because the network operated across dozens of jurisdictions. Without international cooperation, dismantling such a globally distributed system would have been far more difficult.
Cybersecurity experts warn that proxy networks built from infected devices represent a growing threat in the digital age. The increasing number of internet-connected devices—often referred to as the Internet of Things (IoT)—has created new opportunities for cybercriminals to exploit poorly secured hardware.
Many routers and modems operate with outdated software or weak security settings, making them attractive targets for malware. Once compromised, these devices can become part of a larger network controlled remotely by attackers.
Unlike traditional botnets that are often used to launch coordinated cyberattacks, proxy networks can be used to anonymize internet traffic. This makes them especially valuable for criminals who want to hide their identities while conducting illegal activities online.
Authorities involved in the investigation emphasized that ordinary users are often unaware that their devices have been compromised. In many cases, infected routers continue to function normally, making it difficult for owners to detect the problem.
Following the operation, cybersecurity specialists urged internet users and organizations to strengthen the security of their devices. Simple measures can significantly reduce the risk of infection.
Experts recommend regularly updating router firmware, changing default passwords, enabling strong encryption settings, and monitoring network activity for unusual behavior. Internet service providers are also encouraged to notify customers if suspicious activity is detected on their networks.
Cybersecurity awareness remains a key component of preventing such attacks. As digital infrastructure becomes increasingly interconnected, vulnerabilities in even small household devices can contribute to large-scale cybercrime operations.
Authorities indicated that the investigation into the proxy network is ongoing. Law enforcement agencies are continuing to analyze seized data and track the individuals responsible for operating the infrastructure.
Officials did not rule out further arrests or legal actions as the investigation progresses. The data recovered during the operation may also help identify cybercriminals who used the service to conduct illegal activities.
The takedown demonstrates the importance of international cooperation in combating modern cybercrime. As digital threats continue to evolve, coordinated global efforts will remain essential to protecting online systems and holding cybercriminals accountable.
For now, the dismantling of the proxy network represents a significant victory for law enforcement agencies working to disrupt the infrastructure that supports cybercrime worldwide. By shutting down a service used by tens of thousands of criminals and built on hundreds of thousands of compromised devices, authorities have dealt a major blow to one of the hidden engines of illicit activity on the internet.