US Disrupts Major Botnets Behind Record Cyberattacks

Summary
– US law enforcement dismantled four massive botnets (JackSkid, Mossad, Aisuru, and Kimwolf) in a single operation, taking down their command servers and cutting off over 3 million compromised devices.
– The Aisuru and Kimwolf botnets, comprising over a million devices, were responsible for a record-breaking DDoS attack last November that reached over 30 terabits per second.
– These botnets, variants of the Mirai malware, infected a wide range of devices including DVRs, network appliances, webcams, Android devices, smart TVs, and set-top boxes.
– The botnets’ services were often rented out to other criminals to launch attacks, notably targeting gaming services, a cybersecurity journalist, and a Cloudflare customer.
– The takedown was an international effort involving US, Canadian, and German authorities, though no arrests were immediately announced.

In a significant victory for global cybersecurity, U.S. authorities have successfully dismantled four massive botnets responsible for launching some of the largest distributed denial-of-service (DDoS) attacks ever recorded. The operation, led by the Department of Justice and the Defense Criminal Investigative Service, neutralized the command infrastructure for the botnets known as JackSkid, Mossad, Aisuru, and Kimwolf. These networks collectively controlled over three million compromised devices, which were used to flood targets with malicious traffic and were often rented out to other criminals for cyberattacks.
The Aisuru and Kimwolf botnets were particularly notorious, comprising more than a million devices between them. According to cybersecurity firm Cloudflare, these networks worked together to execute a devastating attack last November that peaked at over 30 terabits of data per second. This staggering volume nearly tripled the size of any previously recorded DDoS incident, demonstrating the immense disruptive power wielded by these hacker armies. The botnets infected a wide array of gadgets, from digital video recorders and webcams to Android-based smart TVs, turning ordinary internet-connected devices into weapons.
While no arrests have been announced publicly, the Justice Department confirmed collaboration with law enforcement partners in Canada and Germany, who are pursuing the individuals behind these operations. U.S. Attorney Michael J. Heyman emphasized the government’s unwavering commitment to protecting critical internet infrastructure and holding cybercriminals accountable, regardless of their location. This international effort highlights the growing coordination needed to combat threats that transcend national borders.
Aisuru had gained significant notoriety prior to its takedown, frequently being used in record-setting attacks throughout the previous fall. Operating as a “booter” service, its capabilities were available for hire, targeting entities ranging from popular gaming platforms like Minecraft to independent security researcher Brian Krebs. Krebs, who has extensively reported on the botnet underground, faced repeated assaults from Aisuru, underscoring the botnet’s use for both financial gain and intimidation.
The technical scale of these botnets is difficult to overstate. Cloudflare analysts described the combined force of Aisuru and Kimwolf as capable of launching attacks that could cripple critical infrastructure, overwhelm legacy cloud security systems, and even disrupt national-level internet connectivity. They likened the peak attack traffic to the entire populations of the United Kingdom, Germany, and Spain all attempting to access a single website at the exact same moment.
A critical common thread links all four dismantled networks: they are all modern variants of the original Mirai botnet. First emerging in 2016, Mirai itself made history by orchestrating a massive attack on DNS provider Dyn that temporarily knocked 175,000 websites offline. The open-source code from Mirai has fueled a decade of IoT-based cyber threats, serving as a foundational toolkit for hackers to build new botnets that exploit weak security in everyday smart devices. This takedown represents a major setback for this persistent criminal ecosystem, though the underlying vulnerability of insecure IoT devices remains a pressing global challenge.
(Source: Wired)