
Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices

thehackernews.com 2026-07-03 AI supply chain High

What Happened

Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people's traffic. Working with the FBI, Lumen, and others, Google's Threat Intelligence Group (GTIG) said this week it had reduced the network's pool of usable devices by millions. Google identifies NetNut, also tracked as Popa, as a network spread across home

Why It Matters

The article reports that Google, in coordination with the FBI, Lumen, and other partners, has significantly degraded the NetNut/Popa residential proxy network, reducing its pool of hijacked home devices by millions and disabling accounts and services used for malware command-and-control and traffic laundering.[1][2][3] Residential proxy networks like NetNut route traffic through consumer devices (e.g., smart TVs and streaming boxes), providing anonymity that has been abused for malicious online activity, scraping, and botnet operations.[1][3][6][8]

From a CyberSE.AI perspective, AI systems that depend on public web data, threat intelligence feeds, or external network infrastructure are exposed to supply chain risk when that infrastructure is secretly backed by residential proxy botnets; organizations should treat third-party data-collection and proxy services as critical supply chain components, inventory and vet them in SBOMs, and monitor for dependence on malicious or law-enforcement-disrupted networks to avoid data poisoning, evasion, and operational instability. Robust AI supply chain governance and continuous review of network and data providers can reduce the impact of simila

Healthcare Fintech SaaS SMB AI startups

CyberSE Analysis

This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/07/google-disrupts-netnut-residential.html
