U.S., Canadian, and German authorities dismantled infrastructure supporting four botnets that enslaved over three million compromised IoT devices. The Justice Department targeted Aisuru, Kimwolf, JackSkid, and Mossad. These botnets orchestrated record-breaking DDoS attacks capable of knocking most targets offline.
The operation disrupted a major source of attack traffic. Routers and web cameras served as the primary compromised devices, reflecting the persistent vulnerability of poorly secured IoT deployments. These endpoints typically run outdated firmware, lack authentication enforcement, and remain exposed to the internet without segmentation.
Defenders should audit IoT device inventory immediately. Prioritize patching network-edge devices like routers and cameras. Enforce default credential changes across all IoT assets. Implement network segmentation to isolate IoT traffic from critical systems. Monitor outbound traffic from these devices for command-and-control communication patterns. Botnet operators pivot quickly after infrastructure disruptions, so assume some compromised devices remain active.
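As an added example that is not part of this brief, the following Python script implements two of the checks above over constructed flow records: steady-cadence outbound connections from the IoT segment (a common command-and-control beaconing signal) and IoT hosts reaching internal networks that segmentation should block. The log format, subnet addresses and thresholds are assumptions for the example.

```python
# Added example, not from the original brief. Log format, subnets and thresholds are assumed.
import ipaddress
import statistics
from collections import defaultdict

IOT_NET = ipaddress.ip_network("10.50.0.0/24")           # assumed IoT VLAN
PROTECTED_NETS = [ipaddress.ip_network("10.10.0.0/16")]  # assumed server/user networks

def is_internal(ip):
    """True for addresses in any network we manage (IoT VLAN or protected nets)."""
    return ip in IOT_NET or any(ip in net for net in PROTECTED_NETS)

def parse_flows(lines):
    """Parse constructed flow lines of the form '<epoch> <src> <dst> <dport>'."""
    flows = []
    for line in lines:
        ts, src, dst, dport = line.split()
        flows.append((int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)))
    return flows

def find_beacons(flows, min_conns=6, max_cv=0.15):
    """Return (src, dst, dport) keys where an IoT host connects outward at a steady cadence."""
    times = defaultdict(list)
    for ts, src, dst, dport in flows:
        if src in IOT_NET and not is_internal(dst):
            times[(str(src), str(dst), dport)].append(ts)
    hits = []
    for key, ts_list in times.items():
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        # Low coefficient of variation of the gaps means a timer-driven check-in, not a user.
        if len(ts_list) >= min_conns and statistics.mean(gaps) > 0:
            if statistics.pstdev(gaps) / statistics.mean(gaps) <= max_cv:
                hits.append(key)
    return sorted(hits)

def find_segmentation_violations(flows):
    """Return (src, dst) pairs where an IoT host reaches a protected internal network."""
    return sorted({(str(src), str(dst)) for _, src, dst, _ in flows
                   if src in IOT_NET and any(dst in net for net in PROTECTED_NETS)})

# Constructed sample: a camera (10.50.0.7) checks in every 60 s to 203.0.113.9:443,
# a router (10.50.0.1) touches a file server on the protected net, a NAS does normal NTP.
SAMPLE_FLOWS = [f"{1700000000 + 60 * i} 10.50.0.7 203.0.113.9 443" for i in range(8)] + [
    "1700000005 10.50.0.1 10.10.4.20 445",
    "1700000100 10.50.0.9 198.51.100.2 123",
    "1700003700 10.50.0.9 198.51.100.2 123",
]

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("beacons:", find_beacons(flows))
    print("segmentation violations:", find_segmentation_violations(flows))
```

In production the flow source would be NetFlow, firewall or DNS logs, and the cadence threshold should be tuned against each device class's known update and NTP behaviour to keep false positives down.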
The takeaway is operational. The botnets' scale and destructive capacity justify enterprise-wide IoT hygiene reviews. Organizations running unmanaged IoT devices on production networks face both DDoS risk and lateral movement threats.
