U.S. Department of Defense (DoD)
The U.S. Department of Defense (DoD) was among the targets of **Ethan Foltz’s 'Rapper Bot' botnet**, a highly sophisticated DDoS-for-hire network capable of generating **2–3 terabits per second** of malicious traffic. The botnet, comprising **65,000–95,000 infected devices** (including routers and DVRs), was used to overwhelm DoD networks, potentially disrupting critical operations, communications, or defense infrastructure. While the exact operational impact remains undisclosed, DDoS attacks of this scale can **degrade system performance, cause outages, or impede access to vital services**, posing risks to national security. The DoD’s **Defense Industrial Base (DIB)**—a network of contractors and suppliers essential to military readiness—was also at risk, as the botnet targeted broader defense-related entities. Law enforcement intervention in **August 2024** halted the attacks, but the incident underscores vulnerabilities in government cyber defenses. The DoD’s **Special Agent in Charge Kenneth DeChellis** emphasized the threat’s severity, linking it to broader criminal efforts to undermine defense cybersecurity (Operation PowerOFF).

Source: https://www.cbsnews.com/news/rapper-bot-ethan-foltz-ddos-cyberattacks-charges/

TPRM report: https://www.rankiteo.com/company/deptofdefense

"id": "dep1045082025",
"linkid": "deptofdefense",
"type": "Cyber Attack",
"date": "8/2024",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'industry': 'Public Sector',
                        'location': 'USA',
                        'name': 'U.S. Government Network',
                        'type': 'Government'},
                       {'industry': 'Technology/Social Media',
                        'name': 'Unnamed Social Media Platform',
                        'type': 'Private Company'},
                       {'industry': 'Technology',
                        'location': 'USA',
                        'name': 'Unnamed U.S. Tech Companies',
                        'type': 'Private Company'},
                       {'location': 'Global',
                        'name': 'Victims in 80+ Countries',
                        'type': ['Private Companies',
                                 'Government Entities',
                                 'Individuals']}],
 'attack_vector': ['Malware-infected IoT devices (DVRs, WiFi routers)',
                   'DDoS-for-hire service'],
 'date_publicly_disclosed': '2024-08-06',
 'date_resolved': '2024-08-06',
 'description': "Ethan Foltz, 22, allegedly developed the 'Rapper Bot' botnet, "
                'a sophisticated DDoS-for-hire service infecting 65,000–95,000 '
                'devices (e.g., DVRs, WiFi routers) to conduct large-scale '
                'DDoS attacks (2–3 Tbps) targeting victims in over 80 '
                'countries, including U.S. government networks, social media '
                'platforms, and tech companies. Authorities disrupted the '
                'botnet on August 6, 2024, as part of Operation PowerOFF. '
                'Foltz faces up to 10 years in prison if convicted of aiding '
                'and abetting computer intrusions.',
 'impact': {'brand_reputation_impact': ['Potential erosion of trust in '
                                        'targeted organizations',
                                        'Negative publicity for DDoS-for-hire '
                                        'ecosystem'],
            'legal_liabilities': ['Federal charges for aiding and abetting '
                                  'computer intrusions (10-year max sentence)'],
            'operational_impact': ['Service disruptions',
                                   'Bandwidth overload (2–3 Tbps traffic)',
                                   'Potential denial of critical services'],
            'systems_affected': ['U.S. government network',
                                 'Social media platform',
                                 'U.S. tech companies',
                                 'Victims in 80+ countries']},
 'initial_access_broker': {'backdoors_established': ['Persistent malware '
                                                     'infections on '
                                                     '65,000–95,000 devices'],
                           'entry_point': ['Exploited IoT devices (DVRs, WiFi '
                                           'routers)'],
                           'high_value_targets': ['U.S. government networks',
                                                  'Major tech companies',
                                                  'Social media platforms']},
 'investigation_status': 'Ongoing (Foltz charged; case part of broader '
                         'Operation PowerOFF)',
 'lessons_learned': ['Critical need for securing IoT devices against botnet '
                     'recruitment',
                     'Effectiveness of international law enforcement '
                     'collaboration (Operation PowerOFF) in disrupting '
                     'DDoS-for-hire services',
                     'Importance of proactive monitoring for anomalous traffic '
                     'patterns (2–3 Tbps DDoS attacks)'],
 'motivation': ['Financial profit',
                'Disruption of services',
                'Criminal reputation'],
 'post_incident_analysis': {'corrective_actions': ['Law enforcement takedown '
                                                   'of botnet infrastructure',
                                                   'Charges against operators '
                                                   'to deter future activity',
                                                   'Potential regulatory push '
                                                   'for IoT security '
                                                   'standards'],
                            'root_causes': ['Proliferation of unsecured IoT '
                                            'devices with default credentials',
                                            'Lack of global enforcement '
                                            'against DDoS-for-hire markets',
                                            'Sophistication of botnet malware '
                                            "(Rapper Bot's 2–3 Tbps "
                                            'capacity)']},
 'recommendations': ['Implement default credential changes and regular '
                     'patching for IoT devices',
                     'Deploy DDoS mitigation solutions (e.g., scrubbing '
                     'centers, rate limiting)',
                     'Enhance cross-border cybercrime investigations and '
                     'information sharing',
                     'Public awareness campaigns on risks of DDoS-for-hire '
                     'services'],
 'references': [{'date_accessed': '2024-08-06',
                 'source': "U.S. Attorney's Office, District of Alaska"},
                {'date_accessed': '2024-08-06',
                 'source': 'Department of Defense Office of Inspector General'},
                {'date_accessed': '2024-12-01',
                 'source': 'Operation PowerOFF (International Law Enforcement '
                           'Initiative)'}],
 'regulatory_compliance': {'legal_actions': ['Federal criminal charges (1 '
                                             'count: aiding and abetting '
                                             'computer intrusions)'],
                           'regulations_violated': ['U.S. Computer Fraud and '
                                                    'Abuse Act (CFAA)',
                                                    'Potential violations of '
                                                    'international cybercrime '
                                                    'laws']},
 'response': {'communication_strategy': ['Public announcement by U.S. '
                                         "Attorney's Office (District of "
                                         'Alaska)',
                                         'Press release highlighting Operation '
                                         'PowerOFF'],
              'containment_measures': ["Search warrant execution at Foltz's "
                                       'residence',
                                       'Seizure of administrative control over '
                                       'Rapper Bot botnet',
                                       'Disruption of DDoS infrastructure'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['Shutdown of 27 DDoS-for-hire domains '
                                       '(December 2024)',
                                       'Arrests of operators'],
              'third_party_assistance': ['International law enforcement '
                                         '(Operation PowerOFF)']},
 'threat_actor': {'age': 22,
                  'location': 'Eugene, Oregon, USA',
                  'motivation': ['Financial gain (DDoS-for-hire)',
                                 'Criminal enterprise'],
                  'name': 'Ethan Foltz',
                  'nationality': 'American'},
 'title': "Federal Charges Filed Against Oregon Man for Orchestrating 'Rapper "
          "Bot' DDoS Botnet Attacks",
 'type': ['Distributed Denial of Service (DDoS)',
          'Botnet Operation',
          'Cybercrime-as-a-Service'],
 'vulnerability_exploited': ['Unsecured IoT devices',
                             'Default/weak credentials',
                             'Lack of device patching']}