U.S. Department of Defense Information Network: Authorities Dismantle IoT Botnet Linked to Record-Shattering 30 Tbps DDoS Campaigns

Global Law Enforcement Dismantles Four Major IoT Botnets Behind Record-Breaking DDoS Attacks

An international law enforcement operation has successfully dismantled the command-and-control infrastructure of four highly destructive IoT botnets (Aisuru, KimWolf, JackSkid, and Mossad) responsible for some of the largest Distributed Denial of Service (DDoS) attacks on record, peaking at 30 terabits per second (Tbps).

By March 2026, the botnets had enslaved over three million devices worldwide, including hundreds of thousands in the U.S. The threat actors primarily targeted vulnerable IoT hardware such as digital video recorders, web cameras, and home Wi-Fi routers. Notably, KimWolf and JackSkid employed advanced techniques to compromise devices behind traditional firewalls, bypassing perimeter security.

Operating under a "cybercrime-as-a-service" model, the botnet administrators leased access to their infected networks to other criminals, who then launched extortion-driven DDoS attacks. Victims included the U.S. Department of Defense Information Network (DoDIN) and private sector organizations, resulting in significant financial losses and operational disruptions.

The takedown involved a coordinated effort by U.S. agencies (FBI, Defense Criminal Investigative Service), German authorities (BKA, ZAC NRW), and Canadian law enforcement (RCMP, OPP, SQ). Over a dozen private sector partners, including Cloudflare, Akamai, Amazon Web Services, and The Shadowserver Foundation, provided critical support. By seizing command-and-control servers, authorities severed the attackers’ access to millions of compromised devices, neutralizing the immediate threat.

Source: https://gbhackers.com/authorities-dismantle-iot-botnet/

U.S. Cyber Command cybersecurity rating report: https://www.rankiteo.com/company/united-states-cyber-command

"id": "UNI1773987869",
"linkid": "united-states-cyber-command",
"type": "Cyber Attack",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Defense',
                        'location': 'United States',
                        'name': 'U.S. Department of Defense Information '
                                'Network (DoDIN)',
                        'type': 'Government'},
                       {'type': 'Private Sector Organizations'}],
 'attack_vector': 'IoT Botnets',
 'date_publicly_disclosed': '2026-03',
 'description': 'An international law enforcement operation has successfully '
                'dismantled the command-and-control infrastructure of four '
                'highly destructive IoT botnets—Aisuru, KimWolf, JackSkid, and '
                'Mossad—responsible for some of the largest Distributed Denial '
                'of Service (DDoS) attacks on record, peaking at 30 terabits '
                'per second (Tbps). The botnets enslaved over three million '
                'devices worldwide, including hundreds of thousands in the '
                'U.S., and were leased to criminals for extortion-driven DDoS '
                'attacks targeting entities like the U.S. Department of '
                'Defense Information Network (DoDIN) and private sector '
                'organizations.',
 'impact': {'financial_loss': 'Significant',
            'operational_impact': 'Operational disruptions',
            'systems_affected': 'Over 3 million IoT devices worldwide'},
 'investigation_status': 'Dismantled',
 'motivation': 'Extortion, Cybercrime-as-a-Service',
 'post_incident_analysis': {'corrective_actions': 'Seizure of '
                                                  'command-and-control '
                                                  'infrastructure, law '
                                                  'enforcement coordination',
                            'root_causes': 'Vulnerable IoT devices, lack of '
                                           'perimeter security'},
 'references': [{'source': 'Law Enforcement Operation'}],
 'response': {'containment_measures': 'Seizure of command-and-control servers',
              'law_enforcement_notified': True,
              'remediation_measures': 'Severed attackers’ access to '
                                      'compromised devices',
              'third_party_assistance': ['Cloudflare',
                                         'Akamai',
                                         'Amazon Web Services',
                                         'The Shadowserver Foundation']},
 'threat_actor': ['Aisuru', 'KimWolf', 'JackSkid', 'Mossad'],
 'title': 'Global Law Enforcement Dismantles Four Major IoT Botnets Behind '
          'Record-Breaking DDoS Attacks',
 'type': 'DDoS Attack',
 'vulnerability_exploited': 'Vulnerable IoT hardware (digital video recorders, '
                            'web cameras, home Wi-Fi routers)'}