The U.S. Justice Department, alongside Canadian and German authorities, successfully dismantled infrastructure supporting four major botnets that commandeered over three million compromised IoT devices. The operations targeted Aisuru, Kimwolf, JackSkid, and Mossad, each responsible for launching record-breaking distributed denial-of-service attacks.

These botnets primarily infected consumer-grade devices including routers, web cameras, and other connected hardware lacking robust security controls. Such devices remain attractive targets because users frequently neglect firmware updates and leave default credentials in place. Once compromised, the devices were weaponized into DDoS armies capable of overwhelming virtually any online target with traffic floods.

Law enforcement disrupted command-and-control infrastructure that operators used to direct botnet activity across victim networks. This disruption severs the connection between attackers and their enslaved device fleet, effectively neutralizing attack capacity. The coordinated international action reflects growing recognition that botnet threats transcend borders and demand multinational response.

The four botnets generated DDoS attacks of unprecedented scale. Recent years saw record-breaking volumetric attacks exceeding 10 terabits per second, with these specific botnets linked to major incidents affecting critical sectors. Organizations struck by these attacks experienced complete service outages lasting hours or days, resulting in substantial financial losses and operational disruption.

The takedown addresses a persistent vulnerability in IoT ecosystem security. Manufacturers ship millions of devices with inadequate default protections, and end users lack the resources or knowledge to secure the hardware properly. This creates a standing reservoir of vulnerable targets available for botnet recruitment.

Organizations should prioritize IoT device inventory and network segmentation to limit botnet damage if infection occurs. Isolating IoT traffic from critical systems through separate VLANs or air-gapping reduces lateral movement risks. Network defenders should monitor for abnormal outbound traffic
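One way to act on the monitoring advice above, as an added example that is not part of the article: a small Python check over exported flow records that flags hosts in a dedicated IoT VLAN whose outbound traffic looks like DDoS participation (either an abnormal packet volume or contact with an abnormal number of distinct destinations). The VLAN range, thresholds and flow records are all constructed assumptions; thresholds would be tuned against the segment's observed baseline.

```python
"""Flag IoT-segment hosts whose outbound traffic looks like DDoS participation.

Added example (not from the article). Assumes flow records already exported
from the IoT VLAN (10.20.0.0/24, an assumed range) over one 5-minute window.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

IOT_VLAN = ip_network("10.20.0.0/24")  # assumed IoT segment

# Per-window thresholds (assumed; tune to the segment's observed baseline).
MAX_OUT_PACKETS = 50_000   # a camera or router should not source this many packets
MAX_DISTINCT_DST = 20      # fan-out: IoT devices normally talk to a few cloud endpoints

# Constructed sample flows: (src, dst, dst_port, packets, bytes)
SAMPLE_FLOWS = [
    ("10.20.0.11", "203.0.113.5", 443, 1_200, 900_000),     # camera -> cloud, normal
    ("10.20.0.11", "203.0.113.5", 123, 2, 180),             # NTP, normal
    ("10.20.0.42", "198.51.100.7", 80, 80_000, 4_800_000),  # flood-like volume
    ("10.20.0.42", "198.51.100.8", 80, 75_000, 4_500_000),
] + [("10.20.0.77", f"192.0.2.{i}", 53, 400, 48_000) for i in range(1, 40)]  # fan-out


def analyze_flows(flows):
    """Return {src: [reasons]} for IoT hosts exceeding an outbound threshold."""
    packets = defaultdict(int)
    dsts = defaultdict(set)
    for src, dst, _port, pkts, _nbytes in flows:
        if ip_address(src) not in IOT_VLAN:
            continue  # only traffic sourced from the IoT segment matters here
        packets[src] += pkts
        dsts[src].add(dst)
    alerts = {}
    for src in packets:
        reasons = []
        if packets[src] > MAX_OUT_PACKETS:
            reasons.append(f"outbound packets {packets[src]} > {MAX_OUT_PACKETS}")
        if len(dsts[src]) > MAX_DISTINCT_DST:
            reasons.append(f"distinct destinations {len(dsts[src])} > {MAX_DISTINCT_DST}")
        if reasons:
            alerts[src] = reasons
    return alerts


if __name__ == "__main__":
    for host, reasons in analyze_flows(SAMPLE_FLOWS).items():
        print(host, "->", "; ".join(reasons))
```

On the constructed data the camera at 10.20.0.11 stays quiet, while 10.20.0.42 trips the volume threshold and 10.20.0.77 trips the fan-out threshold.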