Dutch Police + NCSC dismantle Asocks residential-proxy botnet (~17 M devices, 200 NL-hosted servers seized)

On 2026-05-28 the Cybercrime Team of the Dutch Politie Unit The Hague and the NCSC.nl jointly took down the Asocks residential-proxy infrastructure. Investigators identified and seized 200 control servers physically hosted at a Netherlands-based provider; the operation was triggered by a security-researcher tip routed through NCSC.nl to Politie (NL Times English summary; Risky Business News bulletin). The Asocks network covertly enrolled victim devices — computers, routers, tablets, smartphones, IoT — using malware tied to the PROXYLIB Go-based library and rented bandwidth to criminal customers for spam, phishing, credential-stuffing and DDoS. Reported total: ~17 million enrolled endpoints globally. Residential-proxy services like Asocks are the standard infrastructure layer behind source-IP-anonymised credential stuffing, account takeover and consent-grant phishing against public-facing login portals and VPN concentrators.