Global Operation Takes Down Largest DDoS Botnets

Summary
– U.S., German, and Canadian authorities dismantled the C2 infrastructure of the Aisuru, KimWolf, JackSkid, and Mossad botnets, which targeted IoT devices.
– These botnets launched hundreds of thousands of massive DDoS attacks globally, including against U.S. Department of Defense networks.
– The Aisuru botnet set a record with a DDoS attack peaking at 31.4 Tbps, primarily targeting telecommunications companies.
– Collectively, the botnets infected over three million IoT devices, which were then rented out to other criminals in a cybercrime-as-a-service model.
– The attacks caused significant financial damage and could cripple core internet infrastructure, as noted by cybersecurity firm Akamai.
A major international law enforcement effort has successfully dismantled the infrastructure behind some of the world’s most powerful and disruptive botnets. Authorities from the United States, Germany, and Canada collaborated to seize the Command and Control (C2) servers used by the Aisuru, KimWolf, JackSkid, and Mossad networks. These botnets were responsible for orchestrating hundreds of thousands of massive Distributed Denial of Service (DDoS) attacks that targeted victims globally, including systems within the U.S. Department of Defense Information Network.
The operation focused on neutralizing the virtual servers, internet domains, and other critical infrastructure that allowed these malicious networks to function. By taking down these core components, officials aim to sever communication with millions of already infected devices and prevent the botnets from launching new assaults. The U.S. Justice Department emphasized that this coordinated action is designed to disrupt the botnets’ operations, stop further infections, and eliminate their capacity for future cyberattacks.
The scale of these networks was staggering. Collectively, they compromised more than three million Internet of Things (IoT) devices. Common targets included everyday consumer electronics like web cameras, digital video recorders, and WiFi routers, a significant number of which were located within the United States. The operators ran these botnets as a cybercrime service, renting out access to other criminals who then launched devastating DDoS campaigns. These attacks led to tens of thousands of dollars in losses for victims, who often faced extortion demands alongside the cost of remediation.
One botnet, Aisuru, was particularly notorious for its record-breaking attack power. In December, it executed a DDoS attack that reached a peak of 31.4 terabits per second (Tbps) and 200 million requests per second. This assault was part of a broader campaign focusing heavily on telecommunications companies. Aisuru had previously set another record with a 29.7 Tbps attack, and in November, an incident involving 500,000 IP addresses—attributed by Microsoft to the same group—peaked at 15.72 Tbps.
According to court documents, the volume of malicious commands issued was immense. The Aisuru botnet alone is alleged to have sent over 200,000 DDoS attack commands. The KimWolf network issued more than 25,000, JackSkid launched over 90,000, and Mossad initiated more than 1,000 such commands. Private sector partners like cybersecurity firm Akamai, which assisted in the operation, highlighted the severe impact of these attacks. They noted that such onslaughts can paralyze fundamental internet infrastructure, severely degrade services for internet providers and their customers, and even overpower high-capacity, cloud-based defense systems.
(Source: BleepingComputer)