Skip to content

US Authorities Dismantle Four Botnets with Over Three Million IoT Devices

Key point: The US Department of Justice, FBI, and authorities in Canada and Germany have shut down four IoT botnets with over three million compromised devices that together conducted hundreds of thousands of DDoS attacks.

The US Department of Justice, working with Canadian and German authorities, has dismantled the infrastructure of four botnets that compromised over three million IoT devices and were responsible for massive DDoS attacks. The operators of the Aisuru, Kimwolf, JackSkid and Mossad botnets regularly demanded ransom payments from their victims.

The US Department of Justice coordinated with the Defense Criminal Investigative Service (DCIS), an investigative agency of the US Department of Defense, in an operation to shut down four botnets. By securing several US-registered domains, virtual servers and other infrastructure, the online capabilities of these networks were disrupted. Attacks on IP addresses of the US Department of Defense were particularly affected.

The four botnets together carried out hundreds of thousands of DDoS attacks. Aisuru, the oldest of the botnets, caused over 200,000 attack commands; JackSkid was responsible for at least 90,000 attacks. Kimwolf has been documented over 25,000 times, Mossad had carried out approximately 1,000 attacks. Victims suffered damages and recovery costs in the five-figure dollar range.

Aisuru emerged in late 2024 and launched attacks of unprecedented scale from mid-2025 onwards. In October 2025, the variant Kimwolf emerged, which used a new propagation method to compromise devices behind internal network protection measures. Security company Synthient made this vulnerability public on January 2, 2026. Subsequently, several additional botnets emerged that copied Kimwolf’s distribution method and competed for the same pool of vulnerable devices. JackSkid similarly to Kimwolf targeted internal network devices.

The DCIS led the investigation with support from the FBI Anchorage office. Nearly two dozen technology companies assisted in the operation. The Department of Justice measures were timed to coincide with investigations in Canada and Germany targeting suspected operators of these networks. KrebsOnSecurity identified a 22-year-old Canadian in February 2026 as a key figure behind Kimwolf.


Source: ainews-dev.lumi-systems.io · Published May 17, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.5.2.

Share on: