FBI Warns AVrecon Malware Compromised 369,000 Routers Worldwide in Proxy Network Scheme

The Federal Bureau of Investigation (FBI) has released a FLASH to disseminate indicators of compromise (IOCs) and identified tactics, techniques, and procedures (TTPs) associated with AVrecon malware. This malware has been observed targeting routers and other Internet of Things (IoT) devices located in approximately 163 countries around the world, including the United States. Threat actors have been found to compromise routers, install AVrecon malware, and then sell access to the compromised devices as residential proxies using the SocksEscort residential proxy service. SocksEscort is believed to have compromised and sold access to approximately 369,000 devices since 2020.

The release of this FLASH follows the coordinated takedown of the SocksEscort service through a joint law enforcement operation. This operation was conducted by the FBI and partners at EUROPOL, France’s Office of Anti-Cybercriminalité (OFAC), the Dutch National Police, Austria’s Bundeskriminalamt (BK), the DoD Office of Inspector General’s Defense Criminal Investigative Service (DCIS), and the U.S. Internal Revenue Service (IRS).

Read the full advisory from the FBI here.

 
