[BOTNET] A Dutch company serving as a nest for tens of IoT botnets dismantled by the police

The Dutch police seized the servers of the company KV Solutions in early October after it was accused by several cybersecurity companies of offering an infrastructure for cybercriminals to host tens of IoT botnets responsible for tens of thousands of DDoS attacks. KV essentially acted as a bulletproof hosting provider, deliberately ignoring both the cybercriminal practices hosted on its servers and the complaints filed by victims against its activities. KV provided hackers with a shelter for their botnets as well as hosting phishing pages, malware directories, vulnerability scanners and command-and-control servers. Since its inception in 2017, KV has thus allowed the creation of several dozen botnets using IoT malware, which is designed to infect the Linus-based operating systems used to run routers and smart IoT devices. Victims of the bots include routers from ASUS and Netgear, along with IoT devices from AVTECH. The scale of some of these botnets and the increasing number of attacks launched from KV servers – 440,261 attempts in 2019 – eventually alarmed several cybersecurity companies such as Trend Micro, prompting investigations into the company’s role in the cyberattacks. Two suspects were arrested by the authorities, which successfully halted KV’s malicious activity that affected Ubisoft, Wish.com and all major Cloud providers such as AWS or Microsoft Azure.