All incidents

Google and FBI disrupt NetNut residential proxy network used for cybercrime

breachopenJul 2, 2026 — Jul 2, 2026
Google and FBI disrupt NetNut residential proxy network used for cybercrime

GOOGLE and the FBI have disrupted the NetNut residential proxy network, which relied on roughly two million home devices hijacked to hide criminal traffic (according to The Hacker News).

The operation followed the same playbook used against the IPIDEA network, with Google disabling accounts tied to NetNut‑distributed malware, sharing intelligence on its software development kits and backend servers, and strengthening Google Play Protect to warn users about abusive apps (as detailed in its threat‑intelligence blog).

NetNut’s infrastructure consisted of proxy endpoints that routed connections through compromised residential IP addresses, allowing actors to mask the origin of credential‑stuffing attempts, fraud campaigns and botnet commands.

Although no CVEs were attached to the disruption and no specific threat actors have been named, the takedown removes a major layer of anonymity that cybercriminals had abused for months.

Similar residential proxy services remain active, so defenders should watch for outbound connections to known proxy IP ranges, review permissions of any software that claims to sell unused bandwidth, and verify that applications come from official stores.

Endpoint protection tools should be updated with signatures for the NetNut SDKs identified in the Google advisory, application control policies should block untrusted bandwidth‑sharing clients, and threat‑intelligence feeds should be consulted for updates on emerging proxy abuse.

Intelligence briefing updated Jul 2, 2026

Timeline Coverage

Swipe to explore timeline