{
	"id": "9df06e74-4106-40dc-850d-6b78f9ac6da2",
	"created_at": "2026-04-06T00:06:58.548248Z",
	"updated_at": "2026-04-10T03:21:22.507289Z",
	"deleted_at": null,
	"sha1_hash": "8e65365b494cae3c3d0642b32c0bfb2ea4a5a499",
	"title": "New action to combat cyber crime",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35691,
	"plain_text": "New action to combat cyber crime\r\nBy Royal Hansen\r\nPublished: 2021-12-07 · Archived: 2026-04-05 20:13:24 UTC\r\nToday, we took action to disrupt Glupteba, a sophisticated botnet which targets Windows machines and protects\r\nitself using blockchain technology. Botnets are a real threat to Internet users, and require the efforts of industry\r\nand law enforcement to deter them. As part of our ongoing work to protect people who use Google services via\r\nWindows and other IoT devices, our Threat Analysis Group took steps to detect and track Glupteba’s malicious\r\nactivity over time. Our research and understanding of this botnet’s operations puts us in a unique position to\r\ndisrupt it and safeguard Internet users around the world.\r\nWe’re doing this in two ways. First, we are coordinating with industry partners to take technical action.\r\nAnd second, we are using our resources to launch litigation — the first lawsuit against a blockchain enabled\r\nbotnet — which we think will set a precedent, create legal liability for the botnet operators, and help deter future\r\nactivity.\r\nAbout the Glupteba botnet\r\nA botnet is a network of devices connected to the internet that have been infected with a type of malware that\r\nplaces them under the control of bad actors. They can then use the infected devices for malicious purposes, such\r\nas to steal your sensitive information or commit fraud through your home network.\r\nAfter a thorough investigation, we determined that the Glupteba botnet currently involves approximately one\r\nmillion compromised Windows devices worldwide, and at times, grows at a rate of thousands of new devices per\r\nday. Glupteba is notorious for stealing users’ credentials and data, mining cryptocurrencies on infected hosts, and\r\nsetting up proxies to funnel other people’s internet traffic through infected machines and routers.\r\nTechnical action\r\nWe coordinated with industry partners to take technical action. 
We have now disrupted key command and control\r\ninfrastructure so those operating Glupteba should no longer have control of their botnet — for now.\r\nHowever, due to Glupteba’s sophisticated architecture and the recent actions that its organizers have taken to\r\nmaintain the botnet, scale its operations, and conduct widespread criminal activity, we have also decided to take\r\nlegal action against its operators, which we believe will make it harder for them to take advantage of unsuspecting\r\nusers.\r\nLegal Strategy \u0026 Disruption\r\nOur litigation was filed against the operators of the botnet, who we believe are based in Russia. We filed the action\r\nin the Southern District of New York for computer fraud and abuse, trademark infringement, and other claims. We\r\nalso filed a temporary restraining order to bolster our technical disruption effort. If successful, this action will\r\ncreate real legal liability for the operators.\r\nMaking the Internet Safer\r\nUnfortunately, Glupteba’s use of blockchain technology as a resiliency mechanism is notable here and is\r\nbecoming a more common practice among cyber crime organizations. The decentralized nature of blockchain\r\nallows the botnet to recover more quickly from disruptions, making them that much harder to shut down. We are\r\nworking closely with industry and government as we combat this type of behavior, so that even if Glupteba\r\nreturns, the internet will be better protected against it.\r\nOur goal is to bring awareness to these issues to protect our users and the broader ecosystem, and to prevent future\r\nmalicious activity.\r\nWe don’t just plug security holes, we work to eliminate entire classes of threats for consumers and businesses\r\nwhose work depends on the Internet. 
We have teams of analysts and security experts who are dedicated to\r\nidentifying and stopping issues like DDoS, phishing campaigns, zero-day vulnerabilities, and hacking against\r\nGoogle, our products, and our users.\r\nTaking proactive actions like this is critical to our security. We understand and recognize the threats the Internet\r\nfaces, and we are doing our part to address them.\r\nSource: https://blog.google/technology/safety-security/new-action-combat-cyber-crime/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://blog.google/technology/safety-security/new-action-combat-cyber-crime/"
	],
	"report_names": [
		"new-action-combat-cyber-crime"
	],
	"threat_actors": [],
	"ts_created_at": 1775434018,
	"ts_updated_at": 1775791282,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8e65365b494cae3c3d0642b32c0bfb2ea4a5a499.pdf",
		"text": "https://archive.orkl.eu/8e65365b494cae3c3d0642b32c0bfb2ea4a5a499.txt",
		"img": "https://archive.orkl.eu/8e65365b494cae3c3d0642b32c0bfb2ea4a5a499.jpg"
	}
}