Dutch Police and NCSC Dismantle 17 Million-Device Botnet From Netherlands Servers
Image: The Register

Dutch Police and NCSC Dismantle 17 Million-Device Botnet From Netherlands Servers

29 May, 2026.Technology and Science.12 sources

The story in 15 seconds

  • Botnet comprised about 17 million devices worldwide.
  • 200 servers managed the botnet's central infrastructure.
  • Joint operation by Dutch police and the NCSC; Netherlands-hosted infrastructure.

The divide · 1 of 2

ASOCKS linkage certainty varies

Highlights confidence gap between outlet naming and independently unverified reporting.

Who skipped what

How each outlet frames it

Every outlet we compared, the headline it ran, and a link to the original article.

Source Diversity
12 sources
Western Mainstream
5
Local Western
3
Western Alternative
2
Other
2

Western Mainstream

Ars Technica
Ars Technica

Botnet of more than 17 million devices dismantled

29 May, 2026

Read the original →
France 24
France 24

Europol and Eurojust announce that they have dismantled a major pro-Russian hacker group.

29 May, 2026

Read the original →
franceinfo
franceinfo

The infrastructure of a pro-Russian hacker collective responsible for more than 2,200 cyberattacks in France has been dismantled.

29 May, 2026

Read the original →
NL Times
NL Times

NCSC and Dutch police disrupt global botnet controlled via Netherlands-based servers

28 May, 2026

Read the original →
Ouest-France
Ouest-France

The pro-Russian hacker group NoName057(16) dismantled as part of the Eastwood operation.

29 May, 2026

Read the original →

Western Alternative

Euractiv
Euractiv

Dismantling of a major pro-Russian hacker group

29 May, 2026

Read the original →
Interesting Engineering
Interesting Engineering

Global cyber raid shuts down massive 17 million-device botnet network

29 May, 2026

Read the original →

Local Western

Génération NT
Génération NT

The Endgame operation shakes up the world of droppers.

29 May, 2026

Read the original →
Le Monde Informatique
Le Monde Informatique

Telex: Google confirms its leak of confidential documents, Europol strikes at the heart of droppers' botnets, Iliad invests €2.5 billion in its data centers.

29 May, 2026

Read the original →
Team France Export
Team France Export

The Netherlands at the heart of dismantling a global cybercrime network.

29 May, 2026

Read the original →

Other

Help Net Security
Help Net Security

Dutch police disrupts botnet composed of 17 million devices

29 May, 2026

Read the original →
The Register
The Register

Dutch cops wrest 17M devices from mystery botnet's clutches

29 May, 2026

Read the original →

Full story

17M-Device Botnet Takedown

Dutch authorities dismantled a massive botnet that controlled more than 17 million infected devices in one of the largest cybercrime disruptions in recent years, in a joint operation involving the Dutch National Police and the National Cyber Security Centre (NCSC).

Authorities in the Netherlands said they dismantled a botnet that comprised more than 17 million devices and were managed by 200 servers in a joint operation by the police and the National Cyber Security Center

Ars TechnicaArs Technica

Investigators identified around 200 servers that managed the network’s infrastructure, and officials said the servers operated from hosting facilities inside the Netherlands.

Image from Ars Technica
Ars TechnicaArs Technica

The investigation began after a cybersecurity researcher alerted the NCSC about suspicious activity tied to a sprawling proxy network, and police later seized several servers connected to the network.

Authorities said the botnet supported phishing campaigns, spam distribution, and distributed denial-of-service attacks targeting online services, while hosting providers disabled parts of the infrastructure after confirming the systems supported criminal activity.

The NCSC and Dutch police said the botnet was taken offline after the Police Unit The Hague confiscated 200 servers from the hosting provider for forensic examination.

Residential Proxies, Harder

The operation centered on a “residential proxy service” model, where cybercriminals covertly infected poorly protected consumer devices and then used those compromised devices to route internet traffic and launch large-scale cyberattacks without the owners’ knowledge.

The NCSC explained that “Because residential proxies use real, trusted IP addresses, malicious use of them is much more difficult to detect or block,” and it added that many security systems and websites trust residential proxy IPs more than data-center or anonymous VPN traffic.

Image from France 24
France 24France 24

In the same NCSC advisory, the agency warned that “Residential proxies are used to maintain anonymity and circumvent geographical restrictions,” making it difficult to mitigate cybercrime.

The NCSC also advised users to change default passwords right away, ensure Wi-Fi is secured with WPA2 or WPA3, and install software updates as soon as they become available.

Ars Technica reported that the NCSC said the botnet was taken offline by the provider because it was used for criminal purposes, and it described the host infrastructure as located in the Netherlands.

Ongoing Threat and Mitigation

Dutch authorities said they did not identify suspects connected to the operation, and the investigation remained ongoing after police and the NCSC disrupted the infrastructure tied to the botnet.

Europol and Eurojust announce that they have dismantled a major pro-Russian hacker group

France 24France 24

The takedown was framed by the NCSC as a warning about insecure internet-connected devices, with officials saying poorly secured devices often become entry points for malicious software that attackers can remotely control without owners noticing suspicious behavior.

Officials urged consumers and businesses to strengthen device security, including installing software updates quickly and replacing default passwords on routers and smart devices, while also recommending enabling two-factor authentication and monitoring devices connected to home networks regularly.

In parallel, the NCSC and Dutch police advised users to secure Wi-Fi with WPA2 or WPA3 and to install updates as soon as they become available, reflecting the agencies’ focus on reducing exposure to proxy botnets.

The NCSC’s post also emphasized that residential proxies can resemble “regular” traffic, and it warned that this overlap complicates cybercrime detection and mitigation efforts for security teams.

The deep audit

How victims, perpetrators and terms are handled across outlets.

More on Technology and Science