Feds disrupt monster IoT botnets behind record-breaking DDoS attacks
Summary
The US Department of Justice, working with German and Canadian authorities, disrupted the command-and-control infrastructure for four massive IoT botnets — Aisuru, KimWolf, JackSkid and Mossad. Together they had compromised over three million internet-connected devices such as routers, IP cameras and DVRs, and were behind hundreds of thousands of DDoS attacks, including traffic spikes exceeding 30 Tbps (one peaking at about 31.4 Tbps). The operators monetised the networks via DDoS-for-hire services and extortion. Domains and backend systems coordinating the botnets were seized, which significantly reduces the networks’ immediate effectiveness, though infected devices remain in the wild.
Key Points
- DOJ-led operation targeted the command-and-control infrastructure for four major botnets: Aisuru, KimWolf, JackSkid and Mossad.
- More than three million devices were compromised, largely consumer IoT with weak credentials and unpatched firmware.
- The botnets powered hundreds of thousands of attacks and could generate traffic above 30 Tbps, including a 31.4 Tbps peak.
- Operators ran DDoS-for-hire services and used extortion, turning consumer kit into rentable attack infrastructure.
- Authorities seized domains and backend systems, crippling coordination but not cleaning infected devices — the recruitment pool remains large.
Context and relevance
This takedown is a meaningful short-term win against some of the largest DDoS infrastructures ever observed, and it highlights two enduring problems: the commercialisation of botnets as a service and the fragile security posture of mass-market IoT devices. The disruption reduces immediate threat volume and protects high-value targets (including defence systems), but it doesn’t fix the root cause — millions of devices still ship with default credentials or outdated firmware. Expect law enforcement actions to continue, but also expect new botnets to emerge unless manufacturers and users improve baseline security.
Why should I read this?
Short version: big win, but don’t pop the champagne. If you care about network resilience, defence tech, or run public-facing services, this story explains why junk traffic has been deafening recently and why the relief might be temporary. It’s quick, it matters, and it tells you what to watch for next.
Source
https://go.theregister.com/feed/www.theregister.com/2026/03/20/botnet_disruption/
