United States law enforcement has neutralized four major botnets – JackSkid, Mossad, Aisuru, and Kimwolf – responsible for some of the largest distributed denial-of-service (DDoS) attacks ever recorded. The operation, conducted in collaboration with Canadian and German authorities, removed the command-and-control infrastructure enabling these hacker-controlled armies of compromised devices.
The Scale of the Threat
These botnets collectively controlled over 3 million hacked computers, access to which was often sold to other criminals or used to overwhelm websites and internet services with massive attack traffic. Aisuru and Kimwolf, in particular, stand out. Cloudflare reports they jointly launched an attack last November reaching over 30 terabits per second – nearly triple the previous record. This scale is so immense that, as Cloudflare put it, it’s equivalent to “the combined populations of the UK, Germany, and Spain all simultaneously typing a website address.”
Evolution of IoT Exploitation
All four botnets are based on Mirai, the notorious 2016 internet-of-things (IoT) botnet that previously broke records and even took down major websites. However, these newer iterations have evolved. Kimwolf specifically exploited cheap connected gadgets acting as residential proxies to infiltrate home networks from the inside, bypassing the protections a typical router provides at the network edge. This development significantly raises the difficulty of securing even otherwise well-protected devices.
The Cat-and-Mouse Game
While US authorities disrupted the botnets by removing their control servers, the operators fought back using tactics like storing command-and-control data on the Ethereum blockchain to prevent hijacking. Despite this, the takedown succeeded, though no arrests were announced immediately. Cybersecurity experts caution that this is only a temporary victory.
“You catch one mouse, and 10 others scurry under the refrigerator. The cats will prioritize the fat mice. But it’s a long game.”
The cycle of disruption and rebuilding will continue, as new hackers inevitably create replacement botnets. The fundamental vulnerability – insecure IoT devices – remains unaddressed, ensuring that large-scale DDoS attacks will persist as a major cybersecurity threat.
