
International Operation Dismantles Four IoT Botnets Responsible for Record DDoS Attacks

Asked 2026-05-02 10:53:33 Category: Robotics & IoT

Coordinated Takedown Neutralizes Massive Botnet Infrastructure

In a significant blow to cybercriminal networks, law enforcement agencies from the United States, Canada, and Germany have jointly disrupted the infrastructure behind four highly destructive IoT botnets. These botnets—named Aisuru, Kimwolf, JackSkid, and Mossad—had compromised over three million Internet of Things (IoT) devices, including routers and web cameras, to launch some of the largest distributed denial-of-service (DDoS) attacks ever recorded. The operation, led by the U.S. Justice Department with support from the Defense Criminal Investigative Service (DCIS) and the FBI, targeted multiple U.S.-registered domains, virtual servers, and other attack infrastructure.

Source: krebsonsecurity.com

Scope of the Botnet Network

Authorities allege that the unnamed operators behind these botnets used their compromised devices to orchestrate hundreds of thousands of DDoS attacks, often accompanied by extortion demands. Victims reported losses and remediation costs reaching tens of thousands of dollars. The four botnets varied in activity: Aisuru issued over 200,000 attack commands, JackSkid launched at least 90,000 attacks, Kimwolf generated more than 25,000 commands, and Mossad was responsible for roughly 1,000 digital assaults.

Aisuru: The Pioneer of Record-Breaking Attacks

First emerging in late 2024, Aisuru quickly gained notoriety for its ability to infect new IoT devices at an alarming rate. By mid-2025, it was launching record-smashing DDoS attacks, capable of knocking nearly any target offline. The botnet’s rapid expansion set the stage for the creation of its variants.

Kimwolf: A Dangerous Variant with Internal Network Spreading

In October 2025, Aisuru was used to seed Kimwolf, a variant that introduced a novel propagation mechanism. Unlike its predecessor, Kimwolf could infect devices hidden behind internal network protections, significantly expanding its reach. The security firm Synthient publicly disclosed the vulnerability Kimwolf exploited on January 2, 2026, which helped slow its spread. However, several other IoT botnets have since emerged, copying Kimwolf’s methods while competing for the same pool of vulnerable devices.

JackSkid and Mossad: Mimicking Tactics

According to the DOJ, the JackSkid botnet also targeted internal network systems, similar to Kimwolf. While less prolific than Aisuru, JackSkid still managed to launch tens of thousands of attacks. Meanwhile, Mossad, the smallest of the four, conducted around 1,000 attacks but contributed to the overall disruption. The government’s seizure warrants targeted infrastructure specifically associated with these threats.

International Cooperation and Investigation

The operation was a collaborative effort involving the DCIS, the FBI’s Anchorage field office, and law enforcement agencies in Canada and Germany. Special Agent in Charge Rebecca Day emphasized, “By working closely with DCIS and our international law enforcement partners, we collectively identified and disrupted criminal infrastructure used to carry out large-scale DDoS attacks.” Nearly two dozen technology companies also assisted in the investigation.

The Justice Department stated that the action was designed to prevent further infections and limit the botnets’ ability to launch future attacks. The case remains under investigation, with the DoD Office of Inspector General’s DCIS leading the probe.

Impact on Victims and the IoT Landscape

The takedown highlights the growing threat posed by insecure IoT devices. With millions of routers, cameras, and other gadgets exposed to the internet, botnet operators continuously seek vulnerabilities to enroll them into attack armies. The extortion demands accompanying DDoS attacks have caused significant financial harm to businesses and organizations worldwide. This operation serves as a reminder of the importance of IoT security updates and network segmentation.

Conclusion

The coordinated international effort marks a major victory against cybercrime, but it is only one step. As botnets evolve and adopt new spreading techniques, ongoing vigilance and collaboration between public and private sectors are essential. The disruption of Aisuru, Kimwolf, JackSkid, and Mossad sends a clear message: law enforcement can and will dismantle the infrastructure behind massive DDoS attacks.