A court-authorized international law enforcement operation led by the U.S. Department of Justice has disrupted SocksEscort, a large residential proxy network that allegedly exploited thousands of internet routers worldwide to facilitate cybercrime and financial fraud.
Authorities said the U.S. government executed seizure warrants against dozens of internet domains registered in the United States that were allegedly connected to the criminal infrastructure. The announcement was made by U.S. Attorney Eric Grant.
According to court documents, the SocksEscort network infected home and small business routers with malware, allowing operators to redirect internet traffic through compromised devices
The network then sold access to these infected routers as proxy services to customers seeking to hide their true locations online.
Investigators said the service had been operating since at least the summer of 2020 and offered access to roughly 369,000 IP addresses at various points
As of February 2026, the SocksEscort platform listed about 8,000 infected routers available for purchase, including around 2,500 located in the United States.
Cybercriminals allegedly used the proxy network to conceal their identities while carrying out a range of fraudulent activities. These included account takeovers targeting U.S. bank accounts and cryptocurrency platforms, as well as schemes involving fraudulent unemployment insurance claims.
Authorities said the crimes caused millions of dollars in losses to victims. Among the cases cited by investigators was a New York resident who lost approximately $1 million in cryptocurrency from an exchange account
In another case, a manufacturing company in Pennsylvania lost $700,000, while current and former U.S. service members using Military Star credit cards were defrauded of about $100,000.
The operation involved coordinated action by international partners, with law enforcement agencies in Austria, France, and the Netherlands helping dismantle key SocksEscort servers.
The investigation is being led by the Federal Bureau of Investigation Sacramento Field Office, along with the Department of Defense Office of Inspector General’s Defense Criminal Investigative Service and IRS Criminal Investigation.
Authorities said the operation highlights the growing importance of international cooperation in combating cybercrime networks that exploit global digital infrastructure.
Your web3 identity + services + payments in one single link. Get your pay3.so link today.
関連記事
