The owners of the equipment did not even suspect the secret life of their devices.
An international law enforcement operation has dealt a serious blow to one of the largest cybercriminal networks in recent years. The focus was on botnets that had been exploiting vulnerable devices around the world for years, launching record-breaking attacks, paralyzing services and infrastructure.
The US Department of Justice, with support from Canadian and German law enforcement agencies, conducted a coordinated operation against the botnet command and control infrastructure of Aisuru, KimWolf, JackSkid, and Mossad. These networks used infected IoT devices—video recorders, webcams, and routers—to conduct DDoS attacks. Some of these attacks reached a capacity of approximately 30 Tbps, one of the highest ever observed.
As part of the operation, US agencies seized domains, virtual servers, and other infrastructure elements involved in cybercriminal activity. Resources used by the attackers to attack US Department of Defense networks were also targeted.
According to court documents, four botnets collectively infected more than three million IoT devices worldwide. A significant portion of those infected were located in the United States. Some networks, including KimWolf and JackSkid, even penetrated devices normally isolated from the outside internet. Operators turned these devices into attack tools and leased them to other attackers, using the "cybercrime as a service" model.
Using these networks, attackers carried out hundreds of thousands of attacks . Aisuru operators sent over 200,000 commands to launch attacks, JackSkid over 90,000, KimWolf over 25,000, and Mossad around 1,000. In some cases, the attackers demanded ransom, and damage to individual companies reached tens of thousands of dollars due to downtime and recovery costs.
US authorities emphasize that joint efforts with foreign partners have not only neutralized the botnets but also limited their further spread. Law enforcement officials note that such networks have long since spread beyond the borders of individual countries, so combating them requires international cooperation.
The investigation is being conducted by units from the US Department of Defense and the FBI, with the participation of European and Canadian agencies. Major technology companies and specialized organizations also assisted the operation, providing data and technical support.
An international law enforcement operation has dealt a serious blow to one of the largest cybercriminal networks in recent years. The focus was on botnets that had been exploiting vulnerable devices around the world for years, launching record-breaking attacks, paralyzing services and infrastructure.
The US Department of Justice, with support from Canadian and German law enforcement agencies, conducted a coordinated operation against the botnet command and control infrastructure of Aisuru, KimWolf, JackSkid, and Mossad. These networks used infected IoT devices—video recorders, webcams, and routers—to conduct DDoS attacks. Some of these attacks reached a capacity of approximately 30 Tbps, one of the highest ever observed.
As part of the operation, US agencies seized domains, virtual servers, and other infrastructure elements involved in cybercriminal activity. Resources used by the attackers to attack US Department of Defense networks were also targeted.
According to court documents, four botnets collectively infected more than three million IoT devices worldwide. A significant portion of those infected were located in the United States. Some networks, including KimWolf and JackSkid, even penetrated devices normally isolated from the outside internet. Operators turned these devices into attack tools and leased them to other attackers, using the "cybercrime as a service" model.
Using these networks, attackers carried out hundreds of thousands of attacks . Aisuru operators sent over 200,000 commands to launch attacks, JackSkid over 90,000, KimWolf over 25,000, and Mossad around 1,000. In some cases, the attackers demanded ransom, and damage to individual companies reached tens of thousands of dollars due to downtime and recovery costs.
US authorities emphasize that joint efforts with foreign partners have not only neutralized the botnets but also limited their further spread. Law enforcement officials note that such networks have long since spread beyond the borders of individual countries, so combating them requires international cooperation.
The investigation is being conducted by units from the US Department of Defense and the FBI, with the participation of European and Canadian agencies. Major technology companies and specialized organizations also assisted the operation, providing data and technical support.
