Akamai and U.S. Department of Defense: International joint action disrupts world’s largest DDoS botnets

Global Law Enforcement Disrupts Four Major IoT Botnets Behind Record-Breaking DDoS Attacks

Authorities from the United States, Germany, and Canada have dismantled the Command and Control (C2) infrastructure of four prolific botnets (Aisuru, KimWolf, JackSkid, and Mossad) responsible for infecting millions of Internet of Things (IoT) devices and launching devastating Distributed Denial of Service (DDoS) attacks worldwide.

The operation targeted virtual servers, domains, and other infrastructure used by the botnets to orchestrate attacks, including strikes against U.S. Department of Defense (DoD) networks. In December 2023, the Aisuru botnet set a new DDoS record with an attack peaking at 31.4 Tbps and 200 million requests per second, primarily targeting telecommunications companies. Aisuru had previously broken records with a 29.7 Tbps attack, while a November incident linked to 500,000 compromised IP addresses reached 15.72 Tbps.

According to the U.S. Justice Department, the botnets collectively issued over 316,000 DDoS attack commands:

  • Aisuru: 200,000+ commands
  • KimWolf: 25,000+ commands
  • JackSkid: 90,000+ commands
  • Mossad: 1,000+ commands

The botnets ensnared over three million IoT devices, including webcams, DVRs, and WiFi routers, many located in the U.S. Operators monetized the networks through a cybercrime-as-a-service model, selling access to criminals who launched attacks resulting in tens of thousands of dollars in losses and remediation costs. Some attacks involved extortion demands, while others aimed to cripple internet infrastructure, degrade ISP services, and overwhelm cloud-based mitigation platforms, as noted by Akamai, a private-sector partner in the operation.

The takedown aims to disrupt botnet communications, prevent further infections, and neutralize future attack capabilities.

Source: https://www.bleepingcomputer.com/news/security/aisuru-kimwolf-jackskid-and-mossad-botnets-disrupted-in-joint-action/

united-states-department-of-defense cybersecurity rating report: https://www.rankiteo.com/company/united-states-department-of-defense

Akamai Technologies cybersecurity rating report: https://www.rankiteo.com/company/akamai-technologies

"id": "UNIAKA1773995078",
"linkid": "united-states-department-of-defense, akamai-technologies",
"type": "Cyber Attack",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Defense',
                        'location': 'United States',
                        'name': 'U.S. Department of Defense (DoD)',
                        'type': 'Government'},
                       {'industry': 'Telecommunications',
                        'type': 'Telecommunications Companies'},
                       {'industry': 'Telecommunications',
                        'type': 'Internet Service Providers (ISPs)'},
                       {'industry': 'Cybersecurity',
                        'name': 'Akamai',
                        'type': 'Private Sector'}],
 'attack_vector': 'IoT Botnets',
 'description': 'Authorities from the United States, Germany, and Canada have '
                'dismantled the Command and Control (C2) infrastructure of '
                'four prolific botnets (Aisuru, KimWolf, JackSkid, and Mossad) '
                'responsible for infecting millions of Internet of Things '
                '(IoT) devices and launching devastating Distributed Denial of '
                'Service (DDoS) attacks worldwide. The operation targeted '
                'virtual servers, domains, and other infrastructure used by '
                'the botnets to orchestrate attacks, including strikes against '
                'U.S. Department of Defense (DoD) networks.',
 'impact': {'financial_loss': 'Tens of thousands of dollars in losses and '
                              'remediation costs',
            'operational_impact': 'Degradation of ISP services, overwhelming '
                                  'of cloud-based mitigation platforms',
            'systems_affected': 'IoT devices (webcams, DVRs, WiFi routers), '
                                'U.S. Department of Defense (DoD) networks, '
                                'telecommunications companies, ISP services, '
                                'cloud-based mitigation platforms'},
 'investigation_status': 'Ongoing (takedown operation completed)',
 'motivation': ['Cybercrime-as-a-Service',
                'Extortion',
                'Disruption of Internet Infrastructure'],
 'post_incident_analysis': {'corrective_actions': 'Neutralization of botnet '
                                                  'infrastructure, disruption '
                                                  'of attack capabilities',
                            'root_causes': 'Exploitation of vulnerable IoT '
                                           'devices, cybercrime-as-a-service '
                                           'model'},
 'references': [{'source': 'U.S. Justice Department'}, {'source': 'Akamai'}],
 'response': {'containment_measures': 'Dismantling of C2 infrastructure '
                                      '(virtual servers, domains)',
              'law_enforcement_notified': 'Yes (U.S., Germany, Canada '
                                          'authorities)',
              'remediation_measures': 'Disruption of botnet communications, '
                                      'prevention of further infections',
              'third_party_assistance': 'Akamai (private-sector partner)'},
 'threat_actor': ['Aisuru', 'KimWolf', 'JackSkid', 'Mossad'],
 'title': 'Global Law Enforcement Disrupts Four Major IoT Botnets Behind '
          'Record-Breaking DDoS Attacks',
 'type': 'DDoS Attack'}