The U.S. Department of Justice (DoJ) has successfully dismantled the command-and-control structures of several notorious Internet of Things (IoT) botnets. This operation, announced on Thursday, targeted botnets including AISURU, Kimwolf, JackSkid, and Mossad, following a court-approved enforcement action. The coordinated effort also involved authorities from Canada and Germany, with substantial support from private sector companies such as Akamai, Amazon Web Services, and Cloudflare.
International Collaboration in Cybercrime Combat
Numerous tech giants, including Google, Lumen, Nokia, and Oracle, contributed to the investigation, underscoring the global nature of this cybersecurity threat. The DoJ highlighted that these botnets were responsible for orchestrating distributed denial-of-service (DDoS) attacks globally, with some attacks peaking at an unprecedented 30 terabits per second (Tbps).
Cloudflare had previously linked the AISURU/Kimwolf botnets to a colossal 31.4 Tbps DDoS attack in November 2025. These botnets have been involved in hyper-volumetric attacks, with rates reaching 3 billion packets per second and 54 million requests per second.
Identifying Key Suspects
Investigations have pointed to Jacob Butler, a 23-year-old from Ottawa, Canada, as a key figure behind Kimwolf. Despite Butler’s claims of being impersonated, cybersecurity journalist Brian Krebs identified him as a potential administrator. Another suspect is believed to be a 15-year-old residing in Germany, although no arrests have been reported yet.
The botnets have allegedly integrated over 2 million compromised Android devices, primarily off-brand TVs, into their networks. Across the board, these botnets have infected no fewer than 3 million devices worldwide, including digital video recorders and Wi-Fi routers.
Botnets’ Impact on Global Cybersecurity
The Kimwolf and JackSkid botnets have been noted for targeting devices that are usually well protected by firewalls. The operators used a ‘cybercrime as a service’ model, selling access to these compromised devices to other cybercriminals. This strategy enabled the launch of numerous DDoS attacks, with AISURU alone responsible for over 200,000 attack commands.
Tom Scholl from AWS highlighted a significant evolution in botnet operations, with Kimwolf exploiting residential proxy networks by compromising home devices. Akamai confirmed these botnets’ capacity to generate attacks exceeding 30 Tbps, potentially crippling essential internet infrastructure and imposing severe strains on ISPs and cloud-based services.
As cyber threats continue to evolve, this operation by the DoJ and its international partners marks a critical step in mitigating the impact of IoT-based cybercrime, reinforcing the need for ongoing vigilance and collaboration in the cybersecurity community.
