US, Germany, Canada Disrupt Four Major DDoS Botnets

By alex2404

U.S., German, and Canadian authorities have dismantled the command-and-control infrastructure behind four of the world’s largest DDoS botnets — Aisuru, KimWolf, JackSkid, and Mossad — in a coordinated international law enforcement operation targeting virtual servers, internet domains, and related infrastructure.

Together, the four botnets had infected more than three million IoT devices, including web cameras, digital video recorders, and WiFi routers, many inside the United States. The operators rented access to other criminals under a cybercrime-as-a-service model, with victims incurring tens of thousands of dollars in losses and remediation costs. In some cases, according to Akamai — one of the private sector partners in the action — attackers demanded extortion payments.

The scale of the attack traffic was extraordinary. According to the announcement, Aisuru alone issued more than 200,000 DDoS attack commands. JackSkid launched more than 90,000, KimWolf more than 25,000, and Mossad more than 1,000. Targets included IP addresses belonging to the Department of Defense Information Network (DoDIN).

Aisuru had set back-to-back DDoS records in the months before the takedown. In December, an attack attributed to it peaked at 31.4 Tbps and 200 million requests per second, primarily targeting telecommunications companies. A prior campaign reached 29.7 Tbps, and a November incident originating from 500,000 IP addresses — which Microsoft attributed to the same botnet — peaked at 15.72 Tbps.

Justice Department Details Scope

The U.S. Justice Department said the operation was designed to cut off botnet communications, prevent further device infections, and limit or eliminate the botnets’ capacity to launch future attacks. “This operation, in coordination with other international law enforcement actions, is intended to disrupt communications associated with the Aisuru, KimWolf, JackSkid, and Mossad botnets, preventing further infection to victim devices and limiting or eliminating the ability of the botnets to launch future attacks,” the department said in its statement.

Akamai warned that the threat posed by infrastructure of this kind extends beyond individual victims. “These attacks can cripple core internet infrastructure, cause significant service degradation for ISPs and their downstream customers, and even overwhelm high-capacity cloud-based mitigation services,” the firm said.

How the Botnets Operated

The botnets primarily recruited IoT devices — consumer hardware with weak or default security configurations — and aggregated them into attack platforms available for hire. Cybercriminals purchasing access could direct hundreds of thousands of attack commands at targets of their choosing, generating traffic volumes capable of overwhelming even enterprise-grade defenses.

No arrests were announced in the Justice Department’s statement, which focused on infrastructure seizures and disruption rather than individual prosecutions.

This article is a curated summary based on third-party sources.
