Aug 20, 2025Ravie LakshmananBotnet / Cybercrime
A 22-year-old man from the U.S. state of Oregon has been charged with allegedly creating and overseeing a distributed denial-of-service (DDoS)-for-hire botnet referred to as RapperBot.
Ethan Foltz of Eugene, Oregon, has been recognized because the administrator of the service, the U.S. Division of Justice (DoJ) stated. The botnet has been used to hold out large-scale DDoS-for-hire assaults focusing on victims in over 80 nations since a minimum of 2021.
Foltz has been charged with one rely of aiding and abetting pc intrusions. If convicted, he faces a most penalty of 10 years in jail. As well as, regulation enforcement authorities carried out a search of Foltz’s residence on August 6, 2025, seizing administrative management of the botnet infrastructure.
“RapperBot, aka ‘Eleven Eleven Botnet’ and ‘CowBot,’ is a Botnet that primarily compromises gadgets like Digital Video Recorders (DVRS) or Wi-Fi routers at scale by infecting these gadgets with specialised malware,” the DoJ stated.
“Shoppers of Rapper Bot then difficulty instructions to these contaminated sufferer gadgets, forcing them to ship massive volumes of ‘distributed denial-of-service’ (DDoS) site visitors to completely different sufferer computer systems and servers positioned all through the world.”
Closely impressed by fBot (aka Satori) and Mirai botnets, RapperBot is understood for its potential to interrupt into goal gadgets utilizing SSH or Telnet brute-force assaults and co-opt them right into a malicious community able to launching DDoS assaults. It was first publicly documented by Fortinet in August 2022, with early campaigns noticed way back to Could 2021.
A 2023 report from Fortinet detailed the DDoS botnet’s enlargement into cryptojacking, profiting off the compromised gadgets’ compute sources to illicitly mine Monero and maximize worth. Earlier this yr, RapperBot was additionally implicated in DDoS assaults focusing on DeepSeek and X.
Foltz and his co-conspirators have been accused of monetizing RapperBot by offering paying prospects entry to a strong DDoS botnet that has been used to conduct over 370,000 assaults, focusing on 18,000 distinctive victims throughout China, Japan, the US, Eire and Hong Kong from April 2025 to early August.
Prosecutors additionally allege that the botnet comprised roughly 65,000 to 95,000 contaminated sufferer gadgets to drag off DDoS assaults that measured between two and three Terabits per second (Tbps), with the biggest assault doubtless exceeding 6 Tbps. Moreover, the botnet is believed to have been used to hold out ransom DDoS assaults aiming to extort victims.
The investigation traced the botnet to Foltz after uncovering IP deal with hyperlinks to numerous on-line providers utilized by the defendant, together with PayPal, Gmail, and the web service supplier. Foltz can also be stated to have searched on Google for references to “RapperBot” or “Rapper Bot” over 100 occasions.
The disruption of RapperBot is a part of Operation PowerOFF, an ongoing worldwide effort that is designed to dismantle felony DDoS-for-hire infrastructures worldwide.
