International joint action disrupts world’s largest DDoS botnets
by Sergiu Gatlan · BleepingComputer
Authorities from the United States, Germany, and Canada have taken down Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets to infect Internet of Things (IoT) devices.
The joint law enforcement action also targeted virtual servers, internet domains, and other infrastructure used by the four botnets to launch hundreds of thousands of massive Distributed Denial of Service (DDoS) attacks against victims worldwide in recent months, including IP addresses owned by the Department of Defense Information Network (DoDIN).
For instance, in December, the Aisuru botnet set a new record with a DDoS attack that peaked at 31.4 Tbps and 200 million requests per second as part of a broader campaign targeting multiple companies, most of which were in the telecommunications sector.
Aisuru was also behind a previous DDoS record of 29.7 Tbps, while an incident originating from 500,000 IP addresses (which Microsoft attributed to the same botnet) peaked at 15.72 Tbps in November.
"This operation, in coordination with other international law enforcement actions, is intended to disrupt communications associated with the Aisuru, KimWolf, JackSkid, and Mossad botnets, preventing further infection to victim devices and limiting or eliminating the ability of the botnets to launch future attacks," the Justice Department said.
"Court documents allege that the Aisuru botnet issued more than 200,000 DDoS attack commands, the KimWolf botnet issued more than 25,000 DDoS attack commands, the JackSkid botnet launched more than 90,000 DDoS attack commands and the Mossad botnet launched more than 1,000 DDoS attack commands."
According to the U.S. Justice Department, these botnets have collectively infected and ensnared over three million IoT devices, including web cameras, digital video recorders, and WiFi routers, many of them located in the United States.
The botnet operators sold access to other cybercriminals under a cybercrime-as-a-service model, enabling them to launch DDoS attacks that resulted in tens of thousands of dollars in losses and remediation costs.
"These attacks can cripple core internet infrastructure, cause significant service degradation for ISPs and their downstream customers, and even overwhelm high-capacity cloud-based mitigation services," said cybersecurity and cloud computing company Akamai, which was one of the private sector firms involved in the joint action.
"Cybercriminals used these botnets to launch hundreds of thousands of attacks, in some cases demanding extortion payments from victims."