Dutch law enforcement has dismantled a botnet comprising approximately 17 million infected devices, including computers, smartphones, and tablets, according to a report from SecurityWeek. The operation targeted command-and-control (C2) servers that orchestrated the sprawling network.
The botnet's scale is exceptional: with 17 million endpoints under its control, it represents one of the largest takedowns in recent memory. The infected devices were repurposed to form a residential proxy network, enabling actors to route malicious traffic through legitimate home IP addresses, which complicates attribution and detection.
Technical analysis reveals that the botnet leveraged compromised devices across multiple platforms, including mobile devices as well as traditional PCs. The residential proxy service allowed cybercriminals to anonymize activities such as credential stuffing, ad fraud, and account takeovers by making the traffic appear to come from legitimate consumer connections.
No specific malware family or infection vector was disclosed in the report. Authorities did not confirm whether patches or cleanup tools have been released for affected users, though the seizure of C2 servers should disrupt the network's command capability. Affected device owners are advised to run anti-malware scans and update firmware.
Attribution remains unclear; the takedown was led by the Dutch police with no mention of specific threat actor groups. The operation underscores the growing threat of proxy-based botnets, which monetize residential IPs while making defenses harder to tune.