Feds Dismantle Four IoT Botnets Behind Mass DDoS Attacks

By alex2404
Botnet-driven DDoS attacks have grown sharply more disruptive since late 2024, with IoT devices increasingly weaponized against high-value targets — including U.S. military infrastructure.

The U.S. Justice Department, working alongside authorities in Canada and Germany, has dismantled the infrastructure behind four botnets that collectively compromised more than three million IoT devices, including routers and web cameras. According to the announcement, the four networks — named Aisuru, Kimwolf, JackSkid, and Mossad — are responsible for a series of record-breaking distributed denial-of-service attacks capable of taking nearly any target offline.

The scale of the attack activity was substantial.

Aisuru, the oldest of the four, issued more than 200,000 attack commands. JackSkid launched at least 90,000. Kimwolf issued more than 25,000 attack commands, and roughly 1,000 digital sieges were attributed to Mossad. The operators allegedly used these networks to extort victims, with some targets reporting tens of thousands of dollars in losses and remediation costs.

The Department of Defense Office of Inspector General’s Defense Criminal Investigative Service (DCIS) executed seizure warrants targeting multiple U.S.-registered domains, virtual servers, and other infrastructure used to attack internet addresses owned by the DoD. The DOJ says the action was designed to prevent further device infections and limit the botnets’ ability to launch future attacks.

How the Botnets Evolved

Aisuru emerged in late 2024 and was launching record-breaking attacks by mid-2025 as it rapidly infected new devices. In October 2025, it was used to seed Kimwolf, a variant that introduced a spreading mechanism allowing it to reach devices protected behind internal networks. On January 2, 2026, the security firm Synthient publicly disclosed the vulnerability Kimwolf was exploiting. That disclosure partially slowed its spread, but the DOJ notes that several other botnets have since emerged, copying Kimwolf’s methods while competing for the same pool of vulnerable devices. JackSkid also targeted systems on internal networks using a similar approach.

The FBI’s field office in Anchorage, Alaska led the domestic investigation alongside DCIS. Nearly two dozen technology companies assisted in the operation. “By working closely with DCIS and our international law enforcement partners, we collectively identified and disrupted criminal infrastructure used to carry out large-scale DDoS attacks,” said Special Agent in Charge Rebecca Day of the FBI Anchorage Field Office.

Suspected Operators

The DOJ confirmed that law enforcement actions in Canada and Germany targeted individuals allegedly operating the botnets, though no further details were provided on those suspects. A report identified a 22-year-old Canadian man as a core operator of Kimwolf, with multiple sources pointing to a 15-year-old living in Germany as the other prime suspect.

The DOJ says its next step is preventing reinfection of compromised devices and eliminating the remaining operational capacity of the four networks.

This article is a curated summary based on third-party sources.