An international operation spearheaded by the US Justice Department has successfully disrupted several Internet of Things (IoT) botnets employed in launching distributed denial-of-service (DDoS) attacks. This coordinated effort was announced on Thursday and marks a significant step in the fight against cybercrime.
Botnets Targeted in the Operation
The operation focused on dismantling the Aisuru, Kimwolf, JackSkid, and Mossad botnets. It was a collaborative effort involving major cybersecurity companies, law enforcement agencies in Germany and Canada, and tech giants such as AWS. Together, they worked to neutralize the threat posed by these botnets.
Collectively, these botnets have compromised over three million devices as of March 2026. Devices affected include DVRs, cameras, Wi-Fi routers, and various other IoT hardware. The widespread impact underscores the critical nature of this operation.
Details of the Botnet Activity
Over recent months, Aisuru has become notorious for executing large-scale DDoS attacks, some of which have set new records. Its successor, Kimwolf, has continued this legacy, particularly by exploiting residential proxy networks to expand its reach, infecting approximately two million devices.
In February, Cloudflare identified both Aisuru and Kimwolf as participants in the largest recorded DDoS attack, peaking at 31.4 Tbps. The Department of Justice reports that Aisuru alone was responsible for over 200,000 DDoS attack commands, with Kimwolf issuing 25,000 commands.
Law Enforcement and Cybersecurity Collaboration
While JackSkid and Mossad are less prominent, they were still responsible for 90,000 and 1,000 DDoS commands, respectively. AWS noted that JackSkid, like Kimwolf, utilized residential proxy networks to broaden its attack capabilities.
The disruption efforts included seizing domains, virtual servers, and other infrastructures linked to these botnets. Law enforcement agencies in Canada and Germany also conducted operations targeting botnet administrators and infrastructure, although no arrests were confirmed.
This operation represents a significant achievement in international cybersecurity efforts, demonstrating the power of global collaboration in combating cybercrime. The ongoing vigilance and cooperation between countries and companies remain crucial to preventing future cyber threats.
