US seizes domains and infrastructure used in sprawling botnet campaigns

Summary

Law enforcement in the United States, Germany and Canada executed a coordinated disruption operation that seized domains, virtual servers and other infrastructure used by four large botnets: Aisuru, KimWolf, JackSkid and Mossad. The networks comprised roughly three million compromised devices worldwide, many of them IoT devices such as cameras, routers and video recorders, including hundreds of thousands in the US. Prosecutors say the botnets issued hundreds of thousands of distributed denial-of-service (DDoS) attack commands and were used to launch crippling DDoS attacks, demand ransoms, and mask other criminal activity.

Key Points

  • The operation involved US, German and Canadian authorities and dozens of tech companies; multiple US-registered domains and servers were seized under warrants.
  • The four botnets controlled about three million devices globally, with hundreds of thousands inside the United States.
  • Reported DDoS command counts: Aisuru 200,000+, KimWolf 25,000+, JackSkid 90,000+, Mossad 1,000+.
  • Operators sold access to compromised devices to criminals who used them for DDoS attacks, ransom demands and to conceal other crimes.
  • KimWolf and JackSkid notably targeted devices behind firewalls and residential proxy networks, gaining footholds in home networks and streaming devices.
  • Cloudflare and others warned these botnets could cripple critical infrastructure and overwhelm legacy DDoS protections.
  • Amazon assisted in identifying command-and-control infrastructure and reverse engineering the malware; no arrests were publicly reported.

Context and relevance

This takedown is part of an ongoing international trend of coordinated actions against botnets that abuse IoT devices. The scale — millions of devices — highlights persistent vulnerabilities in consumer hardware and the growing use of botnets to amplify attacks or hide malicious activity. For organisations reliant on internet-facing services, the action underlines the importance of resilient DDoS defences and partnership with industry for threat disruption.

Why should I read this?

Short version: this shows how junk devices in people’s homes can be weaponised into multi-million-node cyber armies. If you run any network, own smart gadgets, or work in security, it’s worth a quick look — it’s a reminder that weak IoT kit and poor patching have real-world costs.

Author take

Punchy: A big, coordinated win for law enforcement — but not the end of the story. The operation disrupts command infrastructure and buys time; the underlying vulnerabilities and marketplaces selling access still exist. Read the detail if you want the nuts and bolts; skim if you just want the headline.

Source

Source: https://therecord.media/us-seizes-botnet-infrastructure-four-large-networks