U.S. Authorities Disrupt Major Botnet Networks in Large-Scale Takedown
The U.S. Department of Justice (DOJ) announced a coordinated operation to dismantle the infrastructure behind four major botnets (Aisuru, KimWolf, JackSkid, and Mossad) by seizing virtual servers, domain names, and other command-and-control (C2) assets. The action targeted the backbone of these networks, crippling their ability to coordinate attacks, redeploy compromised devices, and monetize their operations.
According to court documents, the botnets collectively issued over 316,000 DDoS commands, with Aisuru alone responsible for 200,000. The scale of these operations reflects a highly industrialized cybercrime model, far removed from opportunistic attacks. Authorities estimate the networks compromised over 3 million devices, including cameras, DVRs, and Wi-Fi routers, many located in the U.S.
The investigation also uncovered a cybercrime-as-a-service business model, where botnet operators rented out their attack infrastructure to other criminals. This allowed threat actors to launch DDoS attacks or extortion campaigns without building their own networks. The takedown disrupts not only the technical infrastructure but also the financial ecosystem sustaining these operations.
U.S. Department of Justice cybersecurity rating report: https://www.rankiteo.com/company/usdoj
{
  "id": "USD1774009673",
  "linkid": "usdoj",
  "type": "Cyber Attack",
  "date": "3/2026",
  "severity": "100",
  "impact": "6",
  "explanation": "Attack threatening the economy of geographical region"
}
{'affected_entities': [{'industry': 'Cybercrime',
'location': 'Global (U.S. devices compromised)',
'name': 'Aisuru Botnet',
'type': 'Botnet'},
{'industry': 'Cybercrime',
'location': 'Global (U.S. devices compromised)',
'name': 'KimWolf Botnet',
'type': 'Botnet'},
{'industry': 'Cybercrime',
'location': 'Global (U.S. devices compromised)',
'name': 'JackSkid Botnet',
'type': 'Botnet'},
{'industry': 'Cybercrime',
'location': 'Global (U.S. devices compromised)',
'name': 'Mossad Botnet',
'type': 'Botnet'}],
'attack_vector': 'Compromised IoT devices (cameras, DVRs, Wi-Fi routers)',
'description': 'The U.S. Department of Justice (DOJ) announced a coordinated '
'operation to dismantle the infrastructure behind four major '
'botnets—Aisuru, KimWolf, JackSkid, and Mossad—by seizing '
'virtual servers, domain names, and other command-and-control '
'(C2) assets. The action targeted the backbone of these '
'networks, crippling their ability to coordinate attacks, '
'redeploy compromised devices, and monetize their operations. '
'The botnets collectively issued over 316,000 DDoS commands, '
'with Aisuru alone responsible for 200,000. The networks '
'compromised over 3 million devices, including cameras, DVRs, '
'and Wi-Fi routers, many located in the U.S. The investigation '
'uncovered a cybercrime-as-a-service business model, where '
'botnet operators rented out their attack infrastructure to '
'other criminals.',
'impact': {'operational_impact': 'Disruption of botnet operations and '
'cybercrime-as-a-service infrastructure',
'systems_affected': 'Over 3 million devices (IoT devices, '
'including cameras, DVRs, and Wi-Fi routers)'},
'investigation_status': 'Ongoing (infrastructure dismantled)',
'motivation': 'Financial gain (cybercrime-as-a-service, DDoS-for-hire, '
'extortion)',
'post_incident_analysis': {'corrective_actions': 'Seizure of botnet '
'infrastructure, disruption '
'of cybercrime operations',
'root_causes': 'Exploitation of vulnerable IoT '
'devices, cybercrime-as-a-service '
'business model'},
'references': [{'source': 'U.S. Department of Justice'}],
'response': {'containment_measures': 'Seizure of virtual servers, domain '
'names, and command-and-control (C2) '
'assets',
'law_enforcement_notified': 'Yes (U.S. Department of Justice)'},
'threat_actor': 'Cybercriminals operating Aisuru, KimWolf, JackSkid, and '
'Mossad botnets',
'title': 'U.S. Authorities Disrupt Major Botnet Networks in Large-Scale '
'Takedown',
'type': 'Botnet Takedown'}