Category: Infrastructure Hijack – End-of-Life Router Exploitation
Features: Router firmware compromise, command-and-control beaconing, proxy resale interface, identity masking via residential IPs, data packet redirection
Delivery Method: Exploitation of outdated routers (Linksys, Cisco, TP-Link), malware injection through known vulnerabilities, persistent C2 communication from Turkish infrastructure
Threat Actor: Chertkov, Morozov, Shishkin, Rubtsov (Russia/Kazakhstan), proxy abuse clientele (global obfuscation rings), overlapping Chinese state-aligned operations targeting U.S. infrastructure
They built a black market empire on your forgotten hardware.
Two of the most elusive and persistent proxy botnets on the internet — Anyproxy and 5socks — have officially been dismantled by an international law enforcement operation dubbed MOONLANDER, following years of global router abuse and quiet infiltration across U.S. networks.
Now, four men — three Russians and one Kazakhstani national — stand accused of infecting thousands of outdated routers and converting them into covert money-making machines that served both cybercriminals and, according to warnings, likely nation-state actors.
WHO THEY ARE
According to the U.S. Department of Justice:
- Alexey Viktorovich Chertkov, 37
- Kirill Vladimirovich Morozov, 41
- Aleksandr Aleksandrovich Shishkin, 36
- Dmitriy Rubtsov, 38 (Kazakhstani)
All face charges of conspiracy and damaging protected computers. Chertkov and Rubtsov were also charged with false domain name registration for allegedly using fake identities to cloak their infrastructure.
But these weren’t just bot herders — they were entrepreneurs of the underground, monetizing stolen connectivity through sophisticated reseller portals. Their marketplace offered more than 7,000 infected proxies at a time — some for as much as $110 per month. Investigators say the operation raked in an estimated $46 million over two decades.
THE METHOD
The duo’s infrastructure relied heavily on older-model routers, particularly those from Linksys and Cisco, most of which had reached end-of-life status — meaning they no longer received firmware updates or security patches. That made them prime targets.
Through known but unpatched exploits, they hijacked the routers, reconfigured them as proxy exit nodes, and bundled them into subscription packages offered on 5socks.net and Anyproxy.net — domains now taken over by U.S. authorities and bearing takedown banners from the MOONLANDER task force.
The underlying campaign was initially uncovered in 2023 by CERT Orange Polska, then tracked extensively by Lumen Technologies’ Black Lotus Labs, which published telemetry showing an average of 1,000 active bots per week operating in over 80 countries. According to their analysis, the majority of victims were located in the United States, followed by Canada and Ecuador.
“We believe their true bot population is less than advertised,” said Black Lotus Labs. “But the damage is still substantial, particularly in how these proxies were used to mask wider attacks.”
The backend command-and-control (C2) infrastructure was reportedly hosted in Turkey.
A DIGITAL GHOST ECONOMY
Law enforcement tied the group’s revenue to a Virginia-based domain registrar that handled payments and renewals. But this wasn’t just about making money. These proxy nodes were often leased out to unknown third parties, effectively masking the origin of malicious traffic — a practice that’s increasingly tied to both cybercriminal rings and state-backed intelligence groups.
The U.S. government has since issued an urgent FBI advisory, warning that obsolete routers — especially those with enabled remote administration settings — are being weaponized by adversaries, with Chinese actors named explicitly as key players in exploiting this vulnerability class.
“Chinese cyber actors are among those who have taken advantage of known vulnerabilities in end-of-life routers to establish botnets used to conceal hacking into U.S. critical infrastructure.”
This follows separate alerts in recent months involving TP-Link routers, which have been exploited repeatedly by Chinese hackers targeting U.S. telecom and energy sectors.
THE OKLAHOMA CONNECTION
The case was led by the FBI’s Oklahoma City office, after several infections were traced back to small businesses and residential networks in the state. Local ISPs and home users unknowingly served as hosts for a global cybercriminal marketplace.
In cooperation with law enforcement in Thailand and The Netherlands, as well as intelligence from Black Lotus Labs, the investigation culminated in a coordinated domain seizure and the formal unveiling of Operation MOONLANDER.
A GROWING THREAT: THE GHOST NETWORK UNDER YOUR FEET
The dismantling of Anyproxy and 5socks should be a wake-up call. Not just because these four men ran a $46 million shadow operation on outdated infrastructure — but because the vulnerabilities remain active, and the devices are still out there.
End-of-life routers aren’t just digital litter — they’re entry points to your network, your data, your location — and in some cases, your national infrastructure.
The Realist Juggernaut has long warned of invisible control layers within common hardware, and this case proves just how easily your old tech can become someone else’s weapon.
🔥 NOW AVAILABLE! 🔥
📖 INK & FIRE: BOOK 1 📖
A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed.
🔥 Kindle Edition 👉 https://a.co/d/9EoGKzh
🔥 Paperback 👉 https://a.co/d/9EoGKzh
🔥 Hardcover Edition 👉 https://a.co/d/0ITmDIB
Get your copy today and experience poetry like never before. #InkAndFire #PoetryUnleashed #FuelTheFire
🚨 NOW AVAILABLE! 🚨
📖 THE INEVITABLE: THE DAWN OF A NEW ERA 📖
A powerful, eye-opening read that challenges the status quo and explores the future unfolding before us. Dive into a journey of truth, change, and the forces shaping our world.
🔥 Kindle Edition 👉 https://a.co/d/0FzX6MH
🔥 Paperback 👉 https://a.co/d/2IsxLof
🔥 Hardcover Edition 👉 https://a.co/d/bz01raP
Get your copy today and be part of the new era. #TheInevitable #TruthUnveiled #NewEra
🚀 NOW AVAILABLE! 🚀
📖 THE FORGOTTEN OUTPOST 📖
The Cold War Moon Base They Swore Never Existed
What if the moon landing was just the cover story?
Dive into the boldest investigation The Realist Juggernaut has ever published—featuring declassified files, ghost missions, whistleblower testimony, and black-budget secrets buried in lunar dust.
🔥 Kindle Edition 👉 https://a.co/d/2Mu03Iu
🛸 Paperback Coming Soon
Discover the base they never wanted you to find. TheForgottenOutpost #RealistJuggernaut #MoonBaseTruth #ColdWarSecrets #Declassified
Help us bring real change! Corporate lobbying has corrupted our system for too long, and it’s time to take action. Please sign and share this petition—your support is crucial in restoring accountability to our government. Every signature counts! Thank you!
https://www.ipetitions.com/petition/restore-our-republic-end-lobbying
Support truth, health, and preparedness by shopping the Alex Jones Store through our link. Every purchase helps sustain independent voices and earns us a 10% share to fuel our mission. Shop now and make a difference!
https://thealexjonesstore.com?sca_ref=7730615.EU54Mw6oyLATer7a
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
