Google Tacks NetNut Botnet

black Android smartphone


Google and the FBI have dismantled one of the largest residential proxy networks serving cybercriminals and state actors, seizing hundreds of domains that supported more than two million compromised consumer devices. The operation against NetNut, also tracked as the Popa botnet, targeted infrastructure that routed malicious traffic through ordinary household connections, primarily hijacked Android-based smart TVs and streaming devices. This takedown coincides with a series of Google Cloud announcements that reveal a coordinated strategy: strengthening security controls while accelerating AI infrastructure and enterprise governance tools across retail, Africa, and regulated industries.

The convergence matters because commercial proxy services have become critical enablers for large-scale credential stuffing, advertising fraud, and data scraping. At the same time, Google is embedding itself deeper into regulated sectors and emerging markets through targeted investments and new connectivity hubs. These moves position the company to shape both the defensive perimeter and the generative AI tooling that enterprises will rely on.

Disrupting Commercial Proxy Networks at Scale

The NetNut disruption represents a rare public-private effort against a proxy provider with apparent commercial backing. Security researchers linked the service to Alarum Technologies, an Israeli firm whose software development kits were embedded in low-cost smart TVs without clear user consent mechanisms. Once installed, the devices quietly converted residential broadband connections into exit nodes for threat actors.

Google’s Threat Intelligence Group reported that at least 316 distinct threat clusters leveraged NetNut nodes in a single week in June 2026 for password-spraying and credential-stuffing operations. The FBI, working with Lumen Technologies, the Shadowserver Foundation, and IRS Criminal Investigation, seized domains and disrupted the command infrastructure. FBI and Google seized hundreds of domains tied to the NetNut proxy service, marking one of the largest coordinated actions against a residential proxy platform.

The technical sophistication of the Popa botnet—its use of deceptive SDKs and stealth communications—highlights how supply-chain compromises in consumer electronics can create persistent, hard-to-detect proxy infrastructure. For enterprises relying on IP reputation filtering, the loss of this network removes a significant evasion vector, though defenders must now watch for rapid migration to alternative residential proxy providers.

Retail AI Platforms Move Toward Real-Time Personalization

While security teams focused on infrastructure takedowns, Google Cloud made a strategic investment in Ubamarket’s Ubacart platform, an AI-powered loyalty system designed for convenience stores and forecourt retailers. The platform, built on Google Cloud and developed with partner Devoteam, uses purchasing patterns, location data, and engagement signals to generate hyper-personalized rewards without requiring new mobile applications.

Ubacart already serves chains such as CK Stores and James Retail Group. The new funding will expand capabilities to include streak-based rewards, predictive recommendations, and automated staff incentive programs. Retailers expect higher basket sizes and lower marketing waste, while brands gain precise targeting to specific consumers at the point of decision. Google Cloud committed significant capital to Ubacart to scale AI-driven retail engagement.

This investment signals Google Cloud’s intent to capture the long tail of retail technology, where smaller operators have historically lacked access to sophisticated AI. By embedding these tools directly into existing point-of-sale workflows, the company reduces friction that often stalls enterprise AI adoption.

Connectivity Hubs Anchor Cloud Expansion in Africa

Google Cloud’s infrastructure push in Africa centers on a new Digital Exchange Port in South Africa’s Eastern Cape, the first of four planned connectivity hubs. The facility will interconnect the Umoja subsea cable to Australia and a new route to India, creating a high-capacity switching point that reduces reliance on overseas routing for African traffic.

Announced at the inaugural Google Cloud Summit Africa in Johannesburg, the project builds on Google’s existing $1 billion commitment to the continent and a $37 million allocation for AI research and skills. A parallel Applied AI Lab in Accra, Ghana, will pair local startups with Google researchers and provide early access to frontier models. Google unveiled the Eastern Cape Digital Exchange Port as its first African connectivity hub.

These assets address both latency and sovereignty concerns that have slowed cloud adoption in the region. By terminating subsea cables directly into local exchange points, Google improves the reliability of its own cloud services while giving African enterprises lower-latency access to AI training and inference workloads.

Centralized Governance for Agentic AI Coding Tools

Enterprises adopting Anthropic’s Claude Code within Google Cloud environments now have a new control point. The Claude Apps Gateway, a self-hosted service, sits between local clients and Google Cloud to manage identity, policy enforcement, cost attribution, and routing at scale. Previously, organizations struggled with per-developer credential distribution and the absence of enforceable spend limits when granting access to Claude Code.

The gateway enables centralized policy application and verified usage reporting without forcing developers to manage individual service-account keys. It integrates with the Gemini Enterprise Agent Platform, allowing organizations to maintain inference within the Google Cloud perimeter while governing third-party AI coding tools. Google Cloud launched the Claude Apps Gateway to address enterprise governance gaps for AI coding assistants.

This development reflects a broader pattern: as agentic coding tools proliferate, platform providers must supply governance layers that satisfy compliance, audit, and cost-control requirements.

Talent Mobility and Ecosystem Effects

The appointment of two senior executives to IREN, a vertically integrated AI cloud provider, underscores the movement of talent between hyperscalers and specialized infrastructure players. Kambiz Aghili, formerly VP of Products at Oracle Cloud Infrastructure, joined as Chief Product Officer; Michael Nudelman, with prior experience at Google and CyrusOne, became Chief Development Officer. Their mandates cover product strategy for bare-metal GPU offerings and expansion of IREN’s 5 GW power portfolio.

These moves illustrate how expertise developed inside Google Cloud and competing platforms is migrating to challengers building alternative AI infrastructure stacks. The pattern suggests continued demand for leaders who understand both hyperscale operations and the specialized requirements of large-scale GPU clusters.

Collectively, these initiatives show Google Cloud executing across defensive, offensive, and expansion fronts simultaneously. The NetNut disruption removes a major attack surface, while retail AI investments, African connectivity projects, and enterprise governance tooling extend the platform’s reach into new verticals and geographies. The question for competitors and regulators is whether this integrated approach—linking security operations, infrastructure, and AI governance—will set de facto standards for how cloud providers manage risk and opportunity in an era of agentic AI.

Leave a Reply

Your email address will not be published. Required fields are marked *