Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Operation Lightning takedown of SocksEscort proxy service

Law Enforcement
First reported
Last updated
Happening score
H score 40
1 unique sources, 1 articles

Summary

Hide ▲

International law enforcement partners dismantled the SocksEscort proxy service in Operation Lightning, disrupting a cybercrime network used to hide originating IP addresses and support fraud and other attacks. The service was allegedly tied to over 360,000 compromised routers and IoT devices across 163 countries since 2020, with about 8,000 infected routers listed by February 2026. On March 11, agencies seized 34 domains and 23 servers in seven countries, and the US froze $3.5m in cryptocurrency.

Related Happenings

Kimwolf operators build a cybercrime-as-a-service DDoS access market

Threat Actor Meta
First: 22.05.2026 11:50 Last: 22.05.2026 11:50 Sources 1

About this happening: The **Kimwolf** operators ran a **cybercrime-as-a-service** market that sold access to infected devices, widening **DDoS-for-hire** abuse. The model turned compromised **digital p...

Open Happening

First VPN had assets seized in First VPN takedown

Law Enforcement
First: 21.05.2026 18:30 Last: 21.05.2026 18:30 Sources 1

About this happening: Authorities **took down First VPN**, a **ransomware**-linked service used to hide cybercrime activity, in a coordinated action led by **France and the Netherlands**. The operation...

Open Happening

Interpol Operation Ramz cybercrime crackdown in MENA

Law Enforcement
First: 18.05.2026 17:00 Last: 18.05.2026 17:00 Sources 1

About this happening: **INTERPOL**'s **Operation Ramz** led to **more than 200 arrests** across the **Middle East and North Africa**, with law enforcement also identifying **382 additional suspects** i...

Open Happening

China-nexus hijacked-device proxy network campaign

Campaign
First: 23.04.2026 15:28 Last: 23.04.2026 15:28 Sources 1

About this happening: China-nexus hackers are **increasingly using** large-scale proxy networks of hijacked consumer devices to **evade detection**, making malicious traffic harder to trace and block....

Open Happening

NCSC-UK joint advisory on covert botnets and proxy networks

Public Sector Action
First: 23.04.2026 15:28 Last: 23.04.2026 15:28 Sources 1

About this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...

Open Happening

Timeline

  1. 13.03.2026 12:00 2 articles · 2mo ago

    Operation Lightning seizes SocksEscort infrastructure

    Legal Policy Action Update

    International law enforcement partners seized 34 domains and 23 servers in seven countries, froze $3.5m in cryptocurrency, and disrupted the SocksEscort malicious proxy service that routed traffic through infected routers.

    Show sources
    Open in new tab
  2. 13.03.2026 12:00 1 articles · 2mo ago

    SocksEscort network scale and abuse are disclosed

    Initial Disclosure

    SocksEscort was described as a malicious proxy service that allegedly compromised over 360,000 routers and internet of things (IoT) devices in 163 countries since 2020, offered customers over 35,000 proxies in recent years, and enabled concealment of source IP addresses for bank takeovers, cryptocurrency-account fraud, fraudulent unemployment insurance claims, ransomware, DDoS attacks, and CSAM distribution.

    Show sources
    Open in new tab