In a major cybersecurity crackdown, Google disrupted the NetNut proxy network, which investigators said was used to support malware operations.
Alphabet’s Google said on Thursday it weakened a large network of internet-connected devices that was being used to hide and route malicious online activity.
The tech giant said it took action against the NetNut residential proxy network, also known as “Popa,” in partnership with the FBI and Lumen, among others.
Google said it disabled accounts and services used in NetNut-related malware command-and-control operations and shared technical intelligence on the group’s infrastructure with law enforcement and industry partners to support broader enforcement efforts.
Residential proxy networks allow users to route internet traffic through consumer IP addresses, which can mask the origin of online activity and help bypass security defenses.
Such networks can be used for legitimate purposes, but they are also often abused for cybercrime because they obscure the true source of traffic.
“We believe our coordinated actions have caused significant degradation to NetNut’s proxy network and its business operations, reducing the available pool of devices for the proxy operator by millions,” Google said in a blog.
Founded in 2017 as a subsidiary of Alarum Technologies, a cybersecurity firm in Israel,NetNut offers rotating residential, ISP, mobile, and datacenter proxies.
NetNut was one of the world’s largest commercial “residential proxy” networks, which hackers extensively hijacked to fuel cyberattacks.

