DoJ Dismantles Massive IoT Botnet Network Responsible for Global DDoS Attacks
- Mar 20
Key Findings
- DoJ disrupted command-and-control infrastructure for 4 IoT botnets
- Botnets infected approximately 3 million devices worldwide
- Attacks measured up to 31.4 Tbps, with the potential to cause massive internet disruption
- Botnets launched hundreds of thousands of DDoS attack commands
- Potential suspects include a 23-year-old Canadian and a 15-year-old German
- Multiple international law enforcement agencies and tech companies collaborated on the operation
Background
The botnet disruption represents a critical moment in cybersecurity, targeting sophisticated IoT-based attack infrastructure. These botnets primarily infected consumer devices like Android TVs, digital video recorders, web cameras, and Wi-Fi routers, creating a massive network of compromised systems.
Technical Infrastructure
The botnets, particularly Kimwolf, represented a significant evolution in botnet technology. Unlike traditional botnets that scan the open internet for vulnerable devices, Kimwolf exploited residential proxy networks and home networks, infiltrating devices that are normally protected behind home routers.
Attack Metrics
Each botnet demonstrated substantial attack capabilities:
- AISURU: Over 200,000 DDoS attack commands
- Kimwolf: Over 25,000 DDoS attack commands
- JackSkid: Over 90,000 DDoS attack commands
- Mossad: Approximately 1,000 DDoS attack commands
Attacks frequently exceeded 30 Tbps, with some reaching 14 billion packets per second and 300 million requests per second.
Operational Model
The botnets operated on a "cybercrime as a service" model, allowing cybercriminals to purchase access to infected devices. This approach enabled widespread, distributed attacks that could overwhelm internet infrastructure.
International Collaboration
The operation involved coordinated efforts from:
- U.S. Department of Justice
- Canadian authorities
- German law enforcement
- Multiple tech companies including Akamai, AWS, Cloudflare, and Google
Potential Suspects
Investigations have identified two primary suspects:
- A 23-year-old Canadian who claims to have abandoned the persona in 2021
- A 15-year-old residing in Germany
No formal arrests have been announced as of the report's publication.
Sources
https://thehackernews.com/2026/03/doj-disrupts-3-million-device-iot.html
https://krebsonsecurity.com/2026/03/feds-disrupt-iot-botnets-behind-huge-ddos-attacks/
https://www.newsy-today.com/us-disrupts-major-botnets-behind-record-ddos-attack-wired/
