
US Authorities Dismantle Four Major Botnets Behind Record-Shattering Cyberattacks
The US Department of Justice has shut down four massive botnets that collectively controlled over 3 million hijacked devices and powered the largest DDoS attacks ever recorded.
US Shuts Down Four Massive Botnets in Landmark Cybersecurity Operation
In a sweeping cybersecurity crackdown, the US Department of Justice, in coordination with the Defense Criminal Investigative Service — the cybercrime division of the Department of Defense — announced the successful dismantling of four large-scale botnets in a single coordinated operation. The networks, known as JackSkid, Mossad, Aisuru, and Kimwolf, had their command-and-control servers seized, effectively cutting off the hackers who weaponized millions of compromised devices worldwide.
According to the Justice Department, the four botnet operations had collectively enslaved more than 3 million devices. Their operators not only used these networks to launch devastating floods of internet traffic — known as Distributed Denial-of-Service (DDoS) attacks — against targeted websites and online services, but also rented access to other cybercriminals looking to cause disruption for profit.
Record-Breaking Attacks Linked to Aisuru and Kimwolf
Among the four networks, Aisuru stood out as the most notorious. Operating as a so-called "booter" service, its capabilities were available for hire to anyone willing to pay, making it a go-to weapon for cyber disruption. Its targets included popular gaming platforms such as Minecraft and even independent cybersecurity journalist Brian Krebs, who had been investigating the botnet underground extensively and found himself repeatedly attacked throughout the previous year.
Aisuru's reach was broad, infecting a diverse range of internet-connected hardware including digital video recorders, network appliances, and webcams. Its closely related offshoot, Kimwolf, focused on Android-based devices such as smart televisions and set-top boxes. Together, according to DDoS defense company Cloudflare, the two botnets commanded more than one million devices.
The Largest DDoS Attack Ever Recorded
In November of last year, Aisuru and Kimwolf joined forces to unleash what became the largest DDoS attack in recorded history. The assault lasted just 35 seconds but peaked at an astonishing 31.4 terabits of data per second — nearly triple the volume of any previously recorded attack. While Cloudflare successfully absorbed the attack on behalf of one of its undisclosed customers, the sheer scale of the incident sent shockwaves through the cybersecurity community.
To put that figure in perspective, Cloudflare analysts described the attack volume as equivalent to the entire combined populations of the United Kingdom, Germany, and Spain all simultaneously loading a website at the exact same moment. The company warned that such botnets are capable of "crippling critical infrastructure, crashing most legacy cloud-based DDoS protection solutions, and even disrupting the connectivity of entire nations."
Roots in the Infamous Mirai Botnet
All four of the dismantled botnets share a common ancestry: Mirai, the landmark internet-of-things (IoT) malware that first emerged in 2016. Mirai broke records at the time for the scale of attacks it enabled and was ultimately used in a devastating strike against DNS provider Dyn, which simultaneously knocked approximately 175,000 websites offline across the United States. In the years since, Mirai's source code has served as the foundation for an entire generation of copycat IoT botnets.
However, the four networks targeted in this latest operation had evolved well beyond their predecessor. Kimwolf, in particular, pioneered a technique that exploited inexpensive internet-connected gadgets repurposed as "residential proxies." Without their owners' knowledge, these devices allowed hackers to tunnel into home networks and compromise devices typically shielded behind residential routers.
"It really shook the foundations of what we considered to be a secure home network," said Chad Seaman, a principal security researcher at networking firm Akamai.
A Cat-and-Mouse Game With Innovative Adversaries
Seaman noted that law enforcement and cybersecurity researchers had spent months engaged in a relentless back-and-forth battle with the botnet operators. At certain points, the operators employed sophisticated evasion tactics, including migrating their domain name infrastructure to the Ethereum blockchain to prevent authorities from seizing their command-and-control systems.
International Collaboration and Next Steps
No arrests were immediately announced alongside the takedowns. However, the Justice Department confirmed that US authorities were actively working with law enforcement counterparts in Canada and Germany, who had taken aim at individuals believed to have operated the botnets.
"The United States is steadfast in our commitment to safeguarding critical internet infrastructure and fighting the cybercriminals who jeopardize its security, wherever they might live," stated US Attorney Michael J. Heyman.
The Threat Is Far From Over
Despite the significance of Thursday's operation, experts caution against viewing it as a permanent solution. Seaman, who has tracked multiple generations of DDoS operators dating back to Mirai itself, warns that even if these four botnets are gone for good, motivated hackers will inevitably build new ones to fill the void.
"The cat-and-mouse game continues. You catch one mouse, and 10 others scurry under the refrigerator," Seaman said. "The cats will prioritize the fat mice. But it's a long game."
The operation serves as a powerful demonstration of what coordinated international law enforcement action can achieve — while simultaneously highlighting the enduring and evolving nature of the cybercrime threat landscape.