A coordinated international law enforcement operation has taken down SocksEscort, a large malicious proxy service that cybercriminals used to hide their identities while committing large-scale financial fraud and cybercrime This article explores socksescort large malicious. . The U.S. Department of Justice (DOJ) was in charge of the operation, which included police from around the world.

Authorities say the network spread malware to thousands of internet routers around the world and let criminals send their traffic through these hacked devices. This let attackers hide where they really were and commit fraud that cost people, businesses, and banks in the US millions of dollars. Routers with malware on them used as a proxy network Court papers say that the SocksEscort operation went after routers in homes and small businesses.

Malware was put on devices that were easy to hack, turning them into nodes in a big home proxy network. These routers could secretly send internet traffic for paying SocksEscort customers once they were infected. This setup let hackers do illegal things with the IP addresses of hacked routers, making it look like they were doing nothing wrong and making it harder for investigators to track them down.

SocksEscort has reportedly given people access to about 369,000 IP addresses around the world since the summer of 2020. As of February 2026, the service still had about 8,000 routers that were infected, 2,500 of which were in the United States. According to investigators, criminals used the SocksEscort proxy network to carry out a number of online scams.

Attackers could get around security systems that look for strange login attempts or unusual geographic activity by hiding their real IP addresses. Some of the crimes that are connected to the network are: Taking over bank and cryptocurrency accounts Fake claims for unemployment insurance Scams that steal money from people and businesses Authorities pointed out a few important cases that were linked to the operation: A customer of a New York cryptocurrency exchange lost about $1 million worth of digital assets. A Pennsylvania manufacturing company lost about $700,000 to fraud.

People who are currently or were in the military and have MILITARY STAR cards lost almost $100,000 because of fake transactions. Officials say that these events are only a small part of the network's financial damage. International Operation Disrupts Infrastructure The disruption operation involved multiple international law enforcement partners.

Authorities in Austria, France, and the Netherlands were able to take down and shut down several SocksEscort servers. In the US, investigators used court-approved seizure warrants to take down dozens of domains that they thought were linked to the criminal proxy service. The FBI Sacramento Field Office was in charge of the investigation, with help from the Department of Defence Office of Inspector General, the Defence Criminal Investigative Service, and the IRS Criminal Investigation (Oakland Field Office).

Europol, Eurojust, and police departments in Germany, Hungary, Romania, Bulgaria, and Austria also helped. Cybersecurity groups also played an important role in finding and keeping an eye on the bad infrastructure. The DOJ said that Lumen's Black Lotus Labs and the Shadowserver Foundation gave investigators technical information that helped them shut down the network.

The Justice Department also used its International Computer Hacking and Intellectual Property (ICHIP) program to help coordinate cybercrime investigations in different areas. Officials say that the takedown shows how dangerous residential proxy networks powered by hacked devices are becoming. Cybercriminals are using these kinds of networks more and more to avoid being caught and to carry out fraud, credential theft, and other bad activities.

The investigation is still going on, and the authorities are still looking at the infrastructure to find out who ran the SocksEscort network.