Foreign-run botnets relaying traffic through infected Canadian devices

Malware Activity
First reported
Last updated
Happening score
H score 22
1 unique source, 1 article

Summary

The public ruling confirms two foreign-run botnets used infected Canadian devices as traffic relays, a setup that can conceal probing of critical infrastructure, government, and military networks. The botnets relied on a command tier and a relay layer of compromised devices, including servers, SOHO routers, and IoT gear. The activity mattered because the relay pattern let operators blend malicious traffic into ordinary-looking connections and increase stealth. The same infrastructure also created a path for potential disruption against sensitive networks.

Related Happenings

CSIS court-authorized botnet disruption on Canadian devices

Public Sector Action
H score 25 · First: 22.06.2026 12:11 · Last: 22.06.2026 12:11 · Sources: 1

How related: Canada's spy service got a judge's permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets.

About this happening: **CSIS** used a **judge-authorized threat reduction warrant** to disrupt **two foreign-run botnets** on **Canadian devices**, marking the service's first use of those powers in th...

Vo1d botnet campaign targeting unofficial Android-based TV boxes

Campaign
H score 88 · First: 18.06.2026 20:37 · Last: 18.06.2026 20:37 · Sources: 1

About this happening: The **Vo1d** campaign continues to target **unofficial Android-based TV boxes**, keeping a large-scale proxy botnet alive across consumer devices. The operation turns those boxes...

Popa botnet forcing consumer TV boxes to relay traffic

Malware Activity
H score 76 · First: 18.06.2026 20:37 · Last: 18.06.2026 20:37 · Sources: 1

About this happening: The **Popa** botnet has forced **millions of consumer TV boxes** to relay Internet traffic linked to **advertising fraud**, **account takeovers**, and **mass data-scraping efforts...

NCSC-UK joint advisory on covert botnets and proxy networks

Public Sector Action
H score 66 · First: 23.04.2026 15:28 · Last: 23.04.2026 15:28 · Sources: 1

About this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...

TA551 campaign expands across multiple victims

Campaign
H score 45 · First: 25.03.2026 10:47 · Last: 25.03.2026 10:47 · Sources: 1

About this happening: The **TA551 / Mario Kart** operation ran a **massive spam-email malware campaign** that spread infections worldwide and enabled later access sales to ransomware crews. At peak, it...

Timeline

  1. 22.06.2026 12:11 1 article · 3h ago

    Federal Court grants CSIS first-of-its-kind botnet disruption warrant

    Legal Policy Action Update

    Justice Catherine Kane granted CSIS a first-of-its-kind threat reduction warrant authorizing remote alteration, degradation, and destruction of botnet data on Canada-based servers, SOHO routers, and IoT devices, and allowing the devices to be cut loose from the networks after the court found the threat to Canada clearly established and imminent.

  2. 22.06.2026 12:11 2 articles · 3h ago

    Federal Court publicly releases redacted ruling on CSIS botnet cleanup

    Initial Disclosure

    The Federal Court made public a redacted ruling revealing that CSIS had been authorized to reach into infected Canadian servers, SOHO routers, and IoT devices to neutralize two foreign-run botnets, marking the first public use of CSIS threat reduction warrant powers in this way.
