SystemBC operators expand into bespoke botnet and proxy resale
Threat Actor Meta
Summary
SystemBC has shifted from a ransomware-enabling proxy botnet into a bespoke botnet and proxy-resale ecosystem, increasing the supply of high-volume criminal infrastructure and widening abuse across multiple customers. The change matters because it turns infected VPS victims into durable proxies for malicious traffic, credential brute-forcing, and other downstream criminal activity.
Related Happenings
Vidar infostealer market rise and distribution expansion
Malware Activity
First: 28.04.2026 22:07
Last: 28.04.2026 22:07
Sources 1
About this happening:
**Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...
WhatsApp-delivered VBS Windows infection campaign
Campaign
First: 01.04.2026 14:49
Last: 01.04.2026 14:49
Sources 1
About this happening:
A **new WhatsApp-delivered campaign** is spreading malicious **VBS files** that launch a **multi-stage Windows infection chain**, raising the risk of persistence and remote access...
AVRecon malware for Linux powering SocksEscort proxy network
Malware Activity
First: 12.03.2026 18:19
Last: 12.03.2026 18:19
Sources 1
About this happening:
The **AVRecon** malware for Linux powered the **SocksEscort** proxy network, turning compromised **Linux-based SOHO routers** into traffic-routing nodes at scale. It was believed...
DOJ and Europol takedown of SocksEscort proxy network
Law Enforcement
First: 12.03.2026 18:19
Last: 12.03.2026 18:19
Sources 1
About this happening:
U.S. and European law enforcement **took down** **SocksEscort**, a long-running cybercrime proxy network that routed traffic through compromised edge devices. The action **seized...
SystemBC long-running global proxy malware operation
Malware Activity
First: 04.02.2026 18:15
Last: 04.02.2026 18:15
Sources 1
How related:
SystemBC has exhibited sustained activity and operational resilience across multiple years, establishing itself as a persistent vector within the cyber threat landscape,
About this happening:
**SystemBC** is a long-running **proxy malware** operation that turns compromised hosts into **SOCKS5 relays** and is repeatedly used to support **ransomware activity**. New repor...
Timeline
- 19.09.2025 17:26 · 2 articles · 8mo ago
SystemBC evolves into a bespoke botnet and proxy-resale ecosystem
Technical Analysis Update
Black Lotus Labs at Lumen Technologies describes SystemBC as a persistent proxy network that evolved from ransomware support into the assembly and sale of bespoke botnets, with REM Proxy offering access to about 80% of the botnet, over 80 C2 servers, a daily average of 1,500 victims, and compromised VPS systems used to route malicious traffic and brute-force WordPress site credentials.
- SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers — thehackernews.com — 19.09.2025 17:26