Google Dismantles IPIDEA Residential Proxy Network
Analysis based on 7 articles · First reported Jan 29, 2026 · Last updated Feb 03, 2026
Google, in collaboration with industry partners like Cloudflare, Spur, and Lumen Technologies' Black Lotus Labs, has successfully dismantled IPIDEA, identified as one of the world's largest residential proxy networks. IPIDEA covertly enrolled millions of consumer devices, including Google===Android and Windows devices, into its network through deceptive software development kits (SDKs) embedded in various applications. These compromised devices were then used as exit nodes by over 550 threat groups, including state-sponsored actors from China, North Korea, Iran, and Russia, to conduct espionage, cybercrime, and information operations. Google's actions involved legal measures to seize IPIDEA's control domains, sharing technical intelligence with law enforcement and security firms, and updating Google Play Protect to automatically remove and block applications containing IPIDEA SDKs. This disruption significantly degraded IPIDEA's operations, reducing its available device pool by millions and impacting affiliated proxy operators.
Set up alerts, explore entity relationships, search across thousands of events, and build custom intelligence feeds.
Open Dashboard