The US Justice Department on Thursday announced the results of an international operation to disrupt several IoT botnets used by threat actors to launch distributed denial-of-service (DDoS) attacks.
The operation targeted the Aisuru, Kimwolf, JackSkid, and Mossad botnets and involved several major cybersecurity and tech companies, as well as law enforcement in Germany and Canada.
Authorities said the botnets have compromised more than 3 million devices as of March 2026, including DVRs, cameras, Wi-Fi routers, and other IoT devices.
Aisuru has made headlines over the past several months for its massive DDoS attacks, including several record-breaking attacks. It is tightly connected to Kimwolf, which is essentially Aisuru’s Android-focused successor.
Kimwolf was in the spotlight for abusing residential proxy networks to expand and for ensnaring roughly 2 million devices.
Aisuru and Kimwolf were both linked by Cloudflare in February to the largest DDoS attack recorded to date, which peaked at 31.4 Tbps.
According to the DoJ, cybercriminals used the Aisuru botnet to issue over 200,000 DDoS attack commands, while Kimwolf issued 25,000 such commands.
JackSkid and Mossad are lesser-known botnets, but the DoJ said they issued 90,000 and 1,000 DDoS attack commands, respectively.
AWS, which was involved in the takedown, reported that just like Kimwolf, the JackSkid botnet used residential proxy networks to grow.
The botnet disruption efforts included seizing multiple internet domains, virtual servers, and other infrastructure used by Aisuru, Kimwolf, JackSkid, and Mossad.
The DoJ said law enforcement agencies in Canada and Germany “conducted their own operations targeting botnet administrators and botnet infrastructure”, but did not say whether anyone was arrested.
Related: SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown
Related: Tycoon 2FA Phishing Platform Dismantled in Global Takedown
Related: RedVDS Cybercrime Service Disrupted by Microsoft and Law Enforcement
