Threat Actor Turns Thousands of IoT Devices Into Residential Proxies

A threat actor is monetizing vulnerable Internet-of-Things (IoT) devices by infecting them with malware and listing them as residential proxies within minutes after exploitation, Trend Micro reports.

Tracked as Water Barghest, the adversary has compromised over 20,000 IoT devices to date, renting them to threat actors looking to anonymize their activities.

Active for at least five years, Water Barghest has remained under the radar by extensively relying on automation, erasing log files to cover its tracks, and only accepting cryptocurrency payments.

The threat actor acquires IoT device vulnerabilities (including zero-days), uses publicly available online scanners to identify vulnerable devices, and then attempts to exploit them from a set of data center IP addresses. Compromised devices are quickly monetized on specialized marketplaces.

“In the case of Water Barghest, we have seen that the time between exploiting an IoT device and putting them for sale on a residential proxy marketplace can ...