The **US Department of Defense (DoD)** was among the victims of **Rapper Bot**, a sophisticated DDoS-for-hire botnet allegedly administered by Ethan Foltz. The botnet, leveraging **65,000–95,000 infected devices** (e.g., DVRs, WiFi routers), executed **multi-terabit DDoS attacks**, with some exceeding **6 Tbps**, targeting over **18,000 unique victims** across **80+ countries**, including critical DoD networks. These attacks disrupted operations, caused financial losses (e.g., **$500–$10,000 per 30-second 2+ Tbps attack**), and strained resources for mitigation. Extortion demands were also linked to Rapper Bot, compounding the threat. The DoD’s **defense industrial base, infrastructure, and intellectual property** were at risk, prompting a coordinated law enforcement response to dismantle the botnet. The incident underscores vulnerabilities in **military and government cybersecurity**, with potential cascading effects on national security if left unchecked. The botnet’s scale and its targeting of **DoD systems** elevate the severity, given the DoD’s role in safeguarding classified data and mission-critical operations.
Source: https://www.infosecurity-magazine.com/news/oregon-man-charged-in-rapper-bot/
TPRM report: https://www.rankiteo.com/company/deptofdefense
{
"id": "dep445082225",
"linkid": "deptofdefense",
"type": "Cyber Attack",
"date": "8/2025",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"
}
{'affected_entities': [{'industry': 'Public Sector',
'location': 'USA',
'name': 'US Government Network',
'type': 'Government'},
{'industry': 'Technology/Social Media',
'name': 'Unnamed Social Media Platform',
'type': 'Private Company'},
{'industry': 'Technology',
'location': 'USA',
'name': 'Multiple US Tech Companies',
'type': 'Private Companies'}],
'attack_vector': ['Botnet',
'Malware Infection (DVRs, WiFi Routers)',
'DDoS-for-Hire Service'],
'customer_advisories': ['Victims advised to report attacks to law '
'enforcement.',
'Businesses urged to review DDoS protection '
'measures.'],
'date_publicly_disclosed': '2024-08-19',
'description': 'A 22-year-old Oregon man, Ethan Foltz, has been charged with '
'administering the Rapper Bot DDoS-for-hire botnet, which '
'allegedly launched multi-terabit attacks across 80+ '
'countries. The botnet compromised devices like DVRs and WiFi '
'routers, infecting them with specialized malware to conduct '
'DDoS attacks averaging 2-3 Tbps, with some exceeding 6 Tbps. '
'Over 370,000 attacks targeted 18,000 unique victims, '
'including a US government network, a social media platform, '
'and multiple US tech companies. Victims faced financial '
'losses, extortion demands, and operational disruptions.',
'impact': {'brand_reputation_impact': True,
'customer_complaints': True,
'financial_loss': {'estimated_cost_per_attack': '$500 – $10,000 '
'(for 30-second 2+ '
'Tbps attack)',
'extortion_payments': None,
'total_estimated_loss': None},
'operational_impact': ['Service Disruptions',
'Bandwidth Overload',
'Resource Drain for Mitigation'],
'revenue_loss': True,
'systems_affected': ['Government Networks',
'Social Media Platforms',
'Tech Companies',
'IoT Devices (DVRs, WiFi Routers)']},
'initial_access_broker': {'entry_point': ['Compromised IoT Devices (DVRs, '
'WiFi Routers)'],
'high_value_targets': ['US Government Networks',
'Tech Companies',
'Social Media Platforms']},
'investigation_status': 'Ongoing (Charges filed; botnet disrupted)',
'lessons_learned': ['IoT device security vulnerabilities enable large-scale '
'botnet formation.',
'DDoS-for-hire services pose significant threats to '
'critical infrastructure and businesses.',
'Collaboration between law enforcement and private sector '
'is critical for disrupting cybercrime operations.'],
'motivation': ['Financial Gain', 'Extortion', 'Cybercrime-as-a-Service'],
'post_incident_analysis': {'corrective_actions': ['Disruption of Rapper Bot '
'infrastructure via law '
'enforcement action.',
'Public awareness campaigns '
'on IoT security.',
'Encouragement of threat '
'intelligence sharing among '
'industries.'],
'root_causes': ['Exploitation of unsecured IoT '
'devices for botnet recruitment.',
'Lack of adequate DDoS protection '
'in targeted organizations.',
'Monetization of cybercrime via '
'DDoS-for-hire services.']},
'recommendations': ['Strengthen IoT device security (e.g., default credential '
'changes, firmware updates).',
'Implement DDoS mitigation strategies (e.g., rate '
'limiting, traffic scrubbing).',
'Enhance monitoring for botnet-related traffic patterns.',
'Report extortion attempts to law enforcement '
'immediately.'],
'references': [{'date_accessed': '2024-08-19',
'source': "US Attorney's Office, District of Alaska"},
{'source': 'Cloudflare Blog - Record-Breaking 7.3 Tbps DDoS '
'Attack'}],
'regulatory_compliance': {'legal_actions': ['Criminal Charges (1 count of '
'aiding and abetting computer '
'intrusions)']},
'response': {'communication_strategy': ["Public Announcement by US Attorney's "
'Office'],
'containment_measures': ['Botnet Disruption',
'Arrest of Administrator'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'third_party_assistance': ['Industry Partners (e.g., '
'Cloudflare)']},
'stakeholder_advisories': ['US Department of Defense (DoD)',
'Defense Industrial Base (DIB)'],
'threat_actor': {'affiliation': 'Rapper Bot Botnet',
'location': 'Oregon, USA',
'motivation': ['Financial Gain', 'Cybercrime-as-a-Service'],
'name': 'Ethan Foltz',
'status': 'Charged (Aiding and Abetting Computer '
'Intrusions)'},
'title': 'Rapper Bot DDoS-for-Hire Botnet Admin Charged for Large-Scale '
'Cyberattacks',
'type': ['DDoS Attack', 'Botnet', 'Cyber Extortion'],
'vulnerability_exploited': ['Unsecured IoT Devices (DVRs, WiFi Routers)',
'Lack of Device Hardening']}