U.S. Department of Defense (DoD)

The **U.S. Department of Defense (DoD)** was among the high-profile targets of **RapperBot (Eleven Eleven Botnet)**, a Mirai-based DDoS-for-hire botnet allegedly operated by Ethan Foltz. Between April and August 2024, the botnet executed over **370,000 attacks**, including strikes against **DoD networks and defense-related services**, with some exceeding **6 Tbps**—capable of crippling critical infrastructure.

While the article does not specify the exact operational damage (e.g., outages, data breaches, or financial losses), the DoD’s inclusion as a target suggests **disruption to military or defense communications, potential degradation of network availability, and heightened vulnerability to follow-on cyber intrusions**. The botnet’s scale and its **direct targeting of government defense systems** imply risks beyond financial costs, including **compromised national security posture, erosion of public trust in defense cyber resilience, and possible cascading effects on allied networks**.

The DoD’s involvement in **Operation PowerOFF**—a multi-agency takedown—underscores the severity of the threat. Though no ransomware or data exfiltration was reported, the **sustained, high-volume DDoS attacks** could have **delayed mission-critical operations, strained cybersecurity resources, and exposed gaps in perimeter defenses**, particularly if combined with extortion demands (as seen with other victims like Chinese gambling platforms).

Source: https://www.theregister.com/2025/08/21/rapperbot_seized/

TPRM report: https://www.rankiteo.com/company/deptofdefense

"id": "dep539082225",
"linkid": "deptofdefense",
"type": "Cyber Attack",
"date": "8/2024",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'industry': 'Defense/Military',
                        'location': 'USA',
                        'name': 'U.S. Department of Defense',
                        'type': 'Government'},
                       {'industry': 'Technology/Social Media',
                        'location': 'Global',
                        'name': 'Unnamed Social Media Platforms',
                        'type': 'Private Sector'},
                       {'industry': 'Gambling',
                        'location': 'China',
                        'name': 'Chinese Gambling Outfits',
                        'type': 'Private Sector'},
                       {'industry': 'Multiple',
                        'location': 'Global',
                        'name': '18,000+ Victims Across 80+ Countries',
                        'type': 'Mixed (Public/Private)'}],
 'attack_vector': ['Mirai-based Botnet',
                   'DDoS-for-Hire Service',
                   'Compromised IoT Devices'],
 'date_publicly_disclosed': '2024-08-06',
 'date_resolved': '2024-08-06',
 'description': 'RapperBot, a Mirai-based botnet-for-hire responsible for over '
                '370,000 DDoS attacks across 18,000 victims in 80+ countries, '
                'was dismantled by federal authorities in Operation PowerOFF. '
                'Its alleged operator, Ethan Foltz (22) of Eugene, Oregon, was '
                'arrested on August 6, 2024. The botnet, capable of attacks '
                'exceeding 6 Tbps, targeted entities ranging from U.S. '
                'government/defense networks to social media platforms and '
                'gambling sites, with some victims extorted. The takedown '
                'involved international law enforcement and private-sector '
                'collaboration (AWS, Akamai, Cloudflare, etc.). Foltz faces up '
                'to 10 years in prison if convicted of aiding computer '
                'intrusions.',
 'impact': {'brand_reputation_impact': ['Potential Reputation Damage for '
                                        'Targets'],
            'financial_loss': 'Estimated $500–$10,000 per 2+ Tbps attack '
                              '(30-second duration)',
            'operational_impact': ['Service Disruptions', 'Denial-of-Service'],
            'systems_affected': ['US Government Networks',
                                 'Defense-Related Services',
                                 'Social Media Platforms',
                                 'Chinese Gambling Outfits']},
 'initial_access_broker': {'entry_point': ['Compromised IoT Devices (Mirai '
                                           'Exploits)'],
                           'high_value_targets': ['US Government/Defense '
                                                  'Networks']},
 'investigation_status': 'Ongoing (Awaiting Trial)',
 'lessons_learned': ['Effectiveness of Public-Private Partnerships in Botnet '
                     'Takedowns',
                     'Role of Hyperscale Cloud Providers (e.g., AWS) in '
                     'Cybercrime Disruption',
                     'Ongoing Threat of DDoS-for-Hire Services Despite '
                     'High-Profile Takedowns'],
 'motivation': ['Financial Gain (Botnet-for-Hire)',
                'Extortion',
                'Cybercrime-as-a-Service'],
 'post_incident_analysis': {'corrective_actions': ['Takedown of RapperBot C2 '
                                                   'Servers',
                                                   'Arrest of Alleged Operator',
                                                   'International '
                                                   'Collaboration (Operation '
                                                   'PowerOFF)'],
                            'root_causes': ['Proliferation of IoT Devices with '
                                            'Weak Security',
                                            'Demand for DDoS-for-Hire Services '
                                            'in Cybercrime Underground',
                                            'Lack of Global Coordination to '
                                            'Disrupt Botnet Infrastructure']},
 'recommendations': ['Strengthen IoT Device Security to Prevent Botnet '
                     'Recruitment',
                     'Enhance DDoS Mitigation Capabilities for Critical '
                     'Infrastructure',
                     'Continue Cross-Sector Collaboration for Cyber Threat '
                     'Disruption'],
 'references': [{'source': 'U.S. Department of Justice'},
                {'source': 'AWS LinkedIn Post'},
                {'source': 'The Register (Article)'}],
 'regulatory_compliance': {'legal_actions': ['Criminal Charges (Aiding and '
                                             'Abetting Computer Intrusions)']},
 'response': {'communication_strategy': ['Public Announcement by DOJ',
                                         'AWS LinkedIn Post'],
              'containment_measures': ['Seizure of Command-and-Control Servers',
                                       'Disruption of Malicious '
                                       'Infrastructure'],
              'enhanced_monitoring': ['AWS Threat Detection Tools'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'third_party_assistance': ['AWS',
                                         'Akamai',
                                         'Cloudflare',
                                         'Google',
                                         'DigitalOcean',
                                         'Flashpoint',
                                         'PayPal',
                                         'Unit 221B']},
 'stakeholder_advisories': ['Warning to Potential Botnet Operators (DCIS '
                            'Statement)'],
 'threat_actor': {'age': 22,
                  'location': 'Eugene, Oregon, USA',
                  'name': 'Ethan Foltz',
                  'nationality': 'American'},
 'title': 'Takedown of RapperBot (Eleven Eleven Botnet / CowBot) DDoS Botnet '
          'and Arrest of Alleged Operator Ethan Foltz',
 'type': ['DDoS Attack', 'Botnet Operation', 'Extortion'],
 'vulnerability_exploited': ['Default/Weak Credentials (Mirai)',
                             'Unpatched IoT Devices']}