US Department of Justice Takedown of Botnet 911 S5; Administrator YunHe Wang Arrested

Summary: The U.S. Department of Justice announced the neutralization of botnet 911 S5, arresting administrator YunHe Wang and seizing domains, marking a significant takedown of one of the largest botnets identified by 360 Netlab.

On May 29, 2024, the U.S. Department of Justice announced the neutralization of botnet 911 S5. Law enforcement seized associated domains and arrested administrator YunHe Wang to halt the operation.

Analysis by 360 Netlab indicates the organization operated between 2014 and July 2022 before re-emerging as CloudRouter in October 2023. The infrastructure encompassed approximately 19 million IP addresses across multiple jurisdictions prior to the May 2024 intervention.

The group distributed free VPN applications bundled with malware to infect users. These programs created persistent services acting as backdoors to grant proxy access to 911 S5 clients for command and control.

Shared infrastructure connects related domains to specific server IPs, such as 173.244.211.96, validating 360 Netlab's analysis of shared ownership between VPN services and the botnet infrastructure.

Although law enforcement action neutralized the immediate infrastructure, the operational methods and compromised device ecosystem suggest continued risks for network security professionals.

Key facts

  • May 29, 2024
  • DOJ
  • YunHe Wang
  • 911 S5
  • CloudRouter
  • 19M IPs
  • 2014-2024
  • ProxyGate
  • MaskVPN
  • ShieldVPN

Why it matters

The persistence of compromised devices despite infrastructure takedowns highlights the difficulty of fully eliminating distributed botnet operations. Security practitioners must monitor legacy infrastructure that may continue to facilitate malicious proxy activities despite arrests.

Key metrics

  • Infected IP Addresses: 19M IPs (Global Network Scale)
  • Takedown Date: 2024-05-29 (Law Enforcement Action)
  • Operational Duration: 10 years (2014 to 2024)
  • Promotional Domains: 150+ domains (Takedown Sites)