Dutch police have helped dismantle a massive botnet operation believed to have infected roughly 17 million internet-connected devices around the world, marking one of the largest cybercrime disruptions coordinated by European law enforcement this year.
The operation targeted infrastructure used to control networks of compromised devices that were allegedly rented out to cybercriminals for distributed denial-of-service (DDoS) attacks, proxy services, credential theft campaigns, and other forms of online abuse. Authorities said the infected systems included routers, webcams, digital video recorders, and other internet-connected devices vulnerable to takeover through weak security settings or outdated software.
According to investigators, the botnet operators built a large network of hijacked devices that could be remotely controlled without the knowledge of their owners. Once infected, the systems were reportedly used to hide criminal activity, route malicious traffic, and launch attacks against organizations around the world.
The Dutch National Police worked alongside international partners as part of the takedown effort, which involved identifying command-and-control infrastructure, seizing servers, and disrupting communication channels used by the botnet operators. Officials said multiple systems connected to the operation were taken offline during the coordinated action.
Researchers believe portions of the network were also used as a residential proxy service. In these schemes, cybercriminals route internet traffic through infected consumer devices, making malicious activity appear to originate from legitimate home internet connections rather than criminal infrastructure.
Law enforcement agencies said the botnet was tied to cybercrime-as-a-service operations, allowing customers to pay for access to infected devices and attack capabilities without developing their own malware infrastructure. Similar services are frequently used in DDoS campaigns, credential stuffing attacks, fraud operations, and anonymity services for other cybercriminal groups.
Authorities have not disclosed the identities of all suspects connected to the operation. However, investigators confirmed that evidence was seized during searches linked to individuals believed to be involved in managing parts of the botnet infrastructure.
The disruption follows a series of recent international operations targeting large botnets and proxy networks that exploit poorly secured internet-of-things devices. Security agencies have increasingly focused on these networks because they can remain active for years while silently abusing consumer hardware on a massive scale.
Dutch authorities said forensic analysis of seized systems is ongoing and could lead to additional arrests as investigators continue tracing the infrastructure and financial activity linked to the operation.