A joint operation by Google and the Federal Bureau of Investigation (FBI) has successfully dismantled the NetNut botnet, a sprawling network of over 2 million compromised devices used to power a residential proxy service. The takedown, confirmed on 17 July 2026, marks one of the largest coordinated actions against proxy-based cybercrime infrastructure in recent years.
NetNut operated by routing internet traffic through infected home routers, smart devices, and computers without users' knowledge. This allowed criminals to hide their activities behind legitimate IP addresses, making detection difficult. Security researchers have warned that other residential proxy brands — some of which may rely on the same backend network — could still pose a threat to UK households and businesses.
For UK consumers, the immediate risk is that devices unknowingly enrolled in the botnet could be used for illegal activities such as credential theft, ad fraud, or distributed denial-of-service (DDoS) attacks. The Information Commissioner's Office (ICO) is expected to examine whether firms using such proxy services have breached UK data protection rules, particularly around consent and transparency under the Data Protection Act 2018.
Businesses face a dual challenge: ensuring their own networks are not part of the botnet, and assessing whether third-party vendors have used compromised proxy infrastructure. The UK's National Cyber Security Centre (NCSC) has previously advised organisations to monitor for unusual outbound traffic and to patch router firmware regularly. The EU AI Act, while not directly applicable to this case, sets a precedent for stricter oversight of automated systems that harvest personal data without consent.
Experts have highlighted the growing sophistication of proxy-based attacks. Dr. Elena Marchetti, a cybersecurity researcher at Imperial College London, said: 'Residential proxy networks blur the line between legitimate anonymity tools and criminal infrastructure. The NetNut takedown is a significant win, but UK regulators must now ensure that similar services cannot simply spin up new nodes.'
Google has stated that it will work with internet service providers (ISPs) to notify affected users and help clean infected devices. The company also plans to share technical indicators with law enforcement agencies in the UK and Europe to prevent the botnet from re-emerging under a different name.