Botnet Infecting More Than 17 Million Devices Dismantled in Major International Operation

Law enforcement agencies have dismantled one of the largest botnets recorded to date — a network of more than 17 million compromised devices used for cyberattacks, fraud, and data theft worldwide.

Dutch police, working with Europol and partners in multiple countries, led the operation against the botnet, which primarily infected routers, security cameras, and other Internet of Things (IoT) devices. The takedown targeted servers hosted by a Dutch provider that were being used to control the network.

Scale of the Infection

The botnet spanned devices in more than 180 countries, with heavy concentrations in Europe, Southeast Asia, and Latin America. Many of the compromised machines were running outdated firmware or had default passwords that had never been changed. Once infected, the devices were used to launch DDoS attacks, act as proxies for malicious traffic, and steal login credentials.

Investigators described the network as unusually large and technically challenging to disrupt due to its decentralized structure.

How the Operation Unfolded

Authorities seized more than 200 servers linked to the botnet's command-and-control infrastructure. The operation involved close coordination between Dutch police, Europol, and international partners, including agencies in the United States and United Kingdom.

In a notable step, investigators worked with internet service providers to notify affected users and, where possible, push security updates to clean the malware from infected devices.

The malware exploited known vulnerabilities in dozens of router and IoT device models, many of which had not received security updates for years.

Why This Matters

The scale of this botnet highlights the growing risks posed by poorly secured connected devices. For comparison, the infamous Mirai botnet that made headlines in 2016 infected roughly 600,000 devices. This latest network was nearly 30 times larger.

Cybersecurity experts warn that the attack surface continues to expand as more households and businesses adopt smart devices without strong security protections.

"This is a reminder that every connected device is a potential entry point," said a spokesperson for the UK's National Cyber Security Centre. "Manufacturers must prioritize security from the start."

What Device Owners Should Do Now

• Change default usernames and passwords on all routers, cameras, and smart devices immediately.
• Disable remote access features unless absolutely necessary.
• Check for and install the latest firmware updates from manufacturers.
• If your internet provider contacts you about a compromised device, take action promptly.

Europol and Dutch authorities have published guidance for users who may have been affected.

By Jessica, Staff Writer