"World largest botnet ever" shut down — US government seizes 911 S5 operation and takes it offline


The US government and the government of Singapore have dismantled what has been called “likely the world’s largest botnet ever” and arrested its administrator.

The 911 S5 botnet gave cybercriminals the means to keep their identities hidden while running different schemes.

The news was confirmed by FBI Director Christopher Wray, who said "working with our international partners, the FBI conducted a joint, sequenced cyber operation to dismantle the 911 S5 Botnet—likely the world's largest botnet ever... We arrested its administrator, Yunhe Wang, seized infrastructure and assets, and levied sanctions against Wang and his co-conspirators."

Millions of unique IPs

The news comes hours after it was reported that the US government had sanctioned three individuals and three companies for building and running 911 S5. 

The individuals were named as Yunhe Wang, Jingping Liu, and Yanni Zheng, while the companies are called Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited, all owned by Yunhe Wang and registered in Thailand. 

According to the US government, the group created a number of free VPN tools, which they offered to the general public. However, anyone who installed and used these tools also had their devices infected with malware, which integrated the computers into the botnet.

The three would then offer the botnet’s services to various cybercriminals, who used them to mask their online identities as they ran different schemes. Among other things, the US government said the botnet was used to make bomb threats across the US roughly two years ago.

Allegedly, the botnet had more than 19 million unique IP addresses, 600,000 of which were from the United States. 

"Wang [..] managed and controlled approximately 150 dedicated servers worldwide, approximately 76 of which he leased from U.S. based online service providers," the Justice Department said. "Using the dedicated servers, Wang deployed and managed applications, commanded and controlled the infected devices, operated his 911 S5 service, and provided paying customers with access to proxied IP addresses associated with the infected devices."

Wang is suspected of making almost $100 million selling access to the botnet. 

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
