DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

International cybercrime tackled: Amsterdam police and FBI dismantle proxy service Anyproxy

Posted on May 13, 2025 by Dissent

In a large-scale international investigation, the Amsterdam police, led by the Public Prosecution Service, and the American FBI have taken down the criminal proxy service Anyproxy. This service had been used by cybercriminals since 2004 to anonymously commit criminal acts, including phishing, ransomware attacks and data theft.

Moonlander seizure notice posted by the U.S. Attorney’s Office for the Northern District of Oklahoma, the FBI, and Dutch National Police.

Anyproxy has been used to shut down networks worldwide, steal large sums of money and steal sensitive data – while the perpetrators have remained out of sight. The longevity of the service and the millions of euros in damage it has caused underscore the importance of this action in preventing large-scale cyberattacks.

What is a proxy service?

A proxy service acts as an intermediary on the internet and hides the user’s real IP address. This makes the internet traffic appear to come from another device, for example a router in a Dutch household. Cybercriminals abuse these types of routers, often outdated devices without security updates (so-called “end-of-life” equipment), and then offer them for rent via underground marketplaces – only against anonymous payment in crypto currency. This makes it difficult to track down perpetrators.

While proxy services themselves are not illegal – many companies use them for privacy protection or access to blocked content – ​​they are also abused by criminals to cover their tracks.

International research

The investigation began after the Amsterdam police discovered that a Dutch citizen’s IP address was being misused for digital fraud. This led to the discovery that cybercriminals were gaining access to outdated routers of legitimate internet connections via Anyproxy, which helped them remain undetected.

Anyproxy was responsible for over 6,000 abused IP addresses, many of which were in the United States, according to police investigations. The police then decided to collaborate with the FBI under the name ‘Operation Moonlander’.

Dismantling criminal infrastructure

The Netherlands has one of the best connected digital infrastructures in the world. Especially in and around Amsterdam there are about sixty data centers. These data centers appear – due to the open nature of the market and lack of supervision of hosting services – to be an important base for illegal practices. The police investigation has shown that part of Anyproxy is hosted in the Netherlands.

On Wednesday, May 7, servers of Anyproxy and other affiliated proxy services were seized and taken offline worldwide. This action marks a major step in the fight against organized cybercrime, dismantling a crucial digital infrastructure of criminals.

Do the check yourself – is your router safe?

It turns out that thousands of old routers worldwide that no longer receive updates are being abused without their owners’ knowledge as digital cover for criminal activities such as phishing and ransomware attacks. Outdated routers are an attractive target for cybercriminals. It is important to check whether your router is still supported and whether you receive regular security updates. If you do not receive them, it is time to replace your router. If your router is hacked, this can lead to slower internet, unreliable connections or even the loss of personal data. Cybercriminals can gain access to your network and infect your devices with malware. So make sure that your router is always up to date and well secured.

Check via https://veiliginternetten.nl/doe-je-updates/ whether your equipment is vulnerable. Companies can go to https://www.ncsc.nl/documenten/publicaties/2019/mei/01/zicht-op-risicos-van-legacysystemen

Need for stricter legislation

With this operation, the Netherlands is sending a strong signal: our digital infrastructure must not be a safe haven for criminals. Better legislation is necessary to achieve structural effect. A clear appeal has already been made to the cabinet from the Amsterdam Triangle, including for the introduction of a mandatory Know-Your-Customer (KYC) policy and the banning of anonymous crypto payments.

American Justice

The US Department of Justice has charged three Russians and a Kazakh national for their roles in the criminal proxy services Anyproxy and 5socks.

For more information, see:

https://www.justice.gov/usao-ndok/pr/botnet-dismantled-international-operation-russian-and-kazakhstani-administrators
https://x.com/FBI/status/1920237529204166742?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet
https://x.com/FBI/status/1920222337653145618?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet

Source: Politie.NL


Related:

  • Hungarian police arrest suspect in cyberattacks on independent media
  • New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers
  • Gladney Adoption Center had serious data exposures in the past few months. What will they do to prevent more?
  • United Australia Party confirms ransomware attack, personal data and email correspondence exposed
  • Meta fixes bug that could leak users’ AI prompts and generated content
  • Mississippi Law Firm Sues Cyber Insurer Over Coverage for Scam
Category: Miscellaneous

Post navigation

← Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency
Personal information exposed by Australian Human Rights Commission data breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app
  • Au: Qantas hackers gave airline 72-hour deadline
  • Honeywell vulnerability exposes building systems to cyber attacks
  • Recent public service announcements of note — parents should take special note of these
  • Au: Junior doctor faces fresh toilet spying charges as probe widens to other major hospitals

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report