Mar 20
International Law Enforcement Dismantles Three Million-Device Botnet Empire Responsible for Record-Breaking DDoS Attacks
In a massive, globally coordinated operation, the United States Justice Department, alongside law enforcement agencies in Germany and Canada, has successfully dismantled the critical infrastructure behind four of the world's most destructive botnets.
The targeted networks—known as Aisuru, KimWolf, JackSkid, and Mossad—were collectively composed of more than three million compromised Internet of Things (IoT) devices, including digital video recorders, web cameras, and Wi-Fi routers. Cybercriminals utilized these enslaved devices in a crime-as-a-service model, renting out their immense collective bandwidth to launch devastating distributed denial-of-service (DDoS) attacks. These digital sieges overwhelmed targeted websites and cloud infrastructure, causing extensive financial damage through severe remediation expenses and subsequent extortion demands.
The sheer scale of the disruption caused by these botnets was unprecedented, generating hyper-volumetric attacks that broke historical records. Cybersecurity firms like Cloudflare and Akamai reported that attacks linked to the Aisuru and KimWolf networks peaked at a staggering 31.4 Terabits per second, a volume capable of crippling critical internet infrastructure and legacy cloud protections. According to prosecutors, the Aisuru botnet alone issued over 200,000 DDoS attack commands. The JackSkid botnet launched roughly 90,000 attacks, KimWolf issued more than 25,000, and Mossad contributed another 1,000. Because the botnets were actively targeting IP addresses belonging to the Department of Defense Information Network, the U.S. infrastructure seizures were executed via warrants from the Department of Defense Office of Inspector General's Defense Criminal Investigative Service.
What made this particular cybercriminal ecosystem so dangerous was a novel spreading mechanism designed to bypass traditional security perimeters. Amazon Web Services vice president Tom Scholl, who helped the FBI and Defense Department reverse-engineer the malware, noted that KimWolf and JackSkid represented a fundamental shift in botnet operations. Instead of just scanning the open internet, these botnets aggressively targeted residential proxy networks. By infiltrating home networks through deeply compromised, off-brand Android streaming TV boxes and other poorly secured smart home appliances, the malware gained access to local environments that are typically shielded by standard home router firewalls. This allowed the botnet to swell to over two million Android devices alone, creating a highly resilient and difficult-to-trace residential attack platform.
While the U.S. Justice Department has not yet announced formal domestic arrests, international authorities are closing in on the alleged operators. German police confirmed that they have identified two suspected administrators—including a 22-year-old Canadian man and a 15-year-old living in Germany—and have conducted extensive searches and evidence seizures at their residences. The takedown highlights the escalating necessity of public-private partnerships in modern cyber warfare, with dozens of tech giants, including AWS, Google, and Cloudflare, providing the crucial threat intelligence and network mapping required to finally pull the plug on this massive criminal enterprise.
Executive IT Forums, Inc.
Educational Programs on Information Technology, Governance, Risk Management, & Compliance (GRC).
Copyright © 2026 Executive IT Forums, Inc. All Rights Reserved.