Central government logo, link to homepage
National Cyber Security CentreMinistry of Justice and Security

Joint operation by police and NCSC takes down major botnet

News items
2 June 2026
Thanks to a successful collaboration between the police and the National Cyber Security Centre (NCSC), a large botnet has been taken offline. During the operation, 200 servers were identified and action was taken against them. These servers controlled millions of infected devices such as computers, tablets, and smartphones to carry out cyberattacks.

The network was discovered after a security researcher reported it to the NCSC. The NCSC then informed the Police. Together, they followed up on the report and launched an investigation. The investigation revealed that the botnet consisted of at least 17 million infected devices and that the 200 servers used to host the infrastructure were located in the Netherlands. The police subsequently seized several botnet servers from a hosting provider for investigation purposes. The hosting provider took the botnet offline because it was being used for criminal activities.

What is a botnet?

A botnet is a network of computers, routers, and smart devices, such as security cameras, that have been infected with malicious software. These devices are then misused for illegal activities. Criminals can remotely control the devices, often without the owner noticing. Botnets are used for cyberattacks, sending spam and phishing emails, online fraud, and disrupting websites by sending large amounts of internet traffic simultaneously.

How does a device become part of a botnet?

Devices can become part of a botnet when they are accessible to malicious actors. After gaining access, attackers can install malware that allows the device to be controlled remotely. This enables the device to become part of a network used for cybercriminal activities. To prevent your devices from being abused, you can take several measures:

  • Always keep your operating system, router, and apps up to date so known security vulnerabilities are patched. Ensure proper patch management and install updates promptly.
  • Maintain visibility of your edge devices. This means knowing which smart devices are connected to your network.
  • Use strong, unique passwords and enable two-factor authentication wherever possible.
  • Only install software and apps from trusted sources and avoid clicking on suspicious links or attachments.
  • Secure your Wi-Fi network with WPA2 or WPA3 and immediately change the default passwords of smart devices and routers.
  • Use antivirus or security software and regularly check which devices are connected to your network.

Empty layout section

Empty layout section

Empty layout section

Form
Did you find this page helpful?