🟠 High | Source: Krebs on Security
The FBI has seized hundreds of domains linked to NetNut, a residential proxy service run by Nasdaq-listed Israeli firm Alarum Technologies, following revelations that it was connected to the Popa botnet — a network of over two million compromised devices enrolled without meaningful user consent. Residential proxy networks like this are routinely abused to anonymise malicious traffic, making them a significant threat to cloud-based fraud detection, rate limiting, and access controls. The seizure follows investigative reporting by KrebsOnSecurity and coordinated action with industry partners.
Security Architect’s Take: Review your WAF and API gateway logs for traffic originating from residential proxy ranges — tools such as IPQualityScore, IPDB, or Cloudflare’s bot management can help identify and block known residential proxy infrastructure. Consider tightening bot detection policies and flagging unusual geographic or ASN anomalies in authentication and scraping-sensitive endpoints.
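One way to flag the ASN and geographic anomalies mentioned above is to look for a single account whose authentication requests rotate across several networks within minutes. The following is an added example, not code from the original report: the log field names, endpoint paths, window and threshold are assumptions, and it presumes the gateway logs are already enriched with ASN and country.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)         # assumed look-back window
MAX_ASNS = 2                           # assumed: more distinct ASNs than this is anomalous
AUTH_PATHS = {"/login", "/api/token"}  # hypothetical sensitive endpoints

# Constructed sample lines; IPs and ASNs are from documentation-reserved ranges.
SAMPLE_LOG = """
{"ts":"2025-01-01T10:00:00","user":"alice","path":"/login","ip":"192.0.2.10","asn":64496,"country":"GB"}
{"ts":"2025-01-01T10:05:00","user":"alice","path":"/login","ip":"192.0.2.11","asn":64496,"country":"GB"}
{"ts":"2025-01-01T10:00:10","user":"bob","path":"/login","ip":"198.51.100.1","asn":64501,"country":"BR"}
{"ts":"2025-01-01T10:01:10","user":"bob","path":"/login","ip":"198.51.100.2","asn":64502,"country":"VN"}
{"ts":"2025-01-01T10:02:10","user":"bob","path":"/api/token","ip":"203.0.113.3","asn":64503,"country":"US"}
{"ts":"2025-01-01T10:03:10","user":"bob","path":"/login","ip":"203.0.113.4","asn":64504,"country":"DE"}
{"ts":"2025-01-01T08:00:00","user":"carol","path":"/login","ip":"192.0.2.20","asn":64505,"country":"FR"}
{"ts":"2025-01-01T12:00:00","user":"carol","path":"/login","ip":"192.0.2.21","asn":64506,"country":"ES"}
{"ts":"2025-01-01T16:00:00","user":"carol","path":"/login","ip":"192.0.2.22","asn":64507,"country":"FR"}
{"ts":"2025-01-01T10:00:00","user":"dave","path":"/products","ip":"198.51.100.30","asn":64508,"country":"IN"}
{"ts":"2025-01-01T10:01:00","user":"dave","path":"/products","ip":"198.51.100.31","asn":64509,"country":"ID"}
{"ts":"2025-01-01T10:02:00","user":"dave","path":"/products","ip":"198.51.100.32","asn":64510,"country":"MX"}
"""

def find_asn_rotation(log_text):
    """Return {user: {"asns": [...], "countries": [...]}} for accounts whose
    auth requests span more than MAX_ASNS distinct ASNs inside WINDOW."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    recent = defaultdict(deque)  # user -> deque of (timestamp, asn, country)
    flagged = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["path"] not in AUTH_PATHS:
            continue
        ts = datetime.fromisoformat(ev["ts"])
        window = recent[ev["user"]]
        window.append((ts, ev["asn"], ev["country"]))
        while ts - window[0][0] > WINDOW:  # drop events older than the window
            window.popleft()
        asns = {asn for _, asn, _ in window}
        if len(asns) > MAX_ASNS:
            hit = flagged.setdefault(ev["user"], {"asns": set(), "countries": set()})
            hit["asns"] |= asns
            hit["countries"] |= {country for _, _, country in window}
    return {u: {k: sorted(v) for k, v in h.items()} for u, h in flagged.items()}

if __name__ == "__main__":
    for user, hit in find_asn_rotation(SAMPLE_LOG).items():
        print(f"{user}: ASNs {hit['asns']} countries {hit['countries']}")
```

Only the account that switches networks on auth endpoints inside the window is reported; slow changes over hours and traffic to paths outside `AUTH_PATHS` are ignored, so scraping-sensitive routes need to be added to that set to be covered.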
Original advisory: FBI Seizes NetNut Proxy Platform, Popa Botnet