The U.S. Justice Department, alongside Canadian and German authorities, dismantled four IoT botnets — Aisuru, Kimwolf, JackSkid, and Mossad — that compromised over three million devices including routers and webcams. The botnets collectively launched hundreds of thousands of DDoS attacks, some record-breaking, and extorted victims for payments. Aisuru emerged in late 2024 and spawned Kimwolf, which used a novel spreading mechanism to infect devices on internal networks. The disruption involved seizure of U.S.-registered domains and servers, with law enforcement actions also targeting suspected operators in Canada and Germany, including a 22-year-old Canadian and a 15-year-old German national.
Sort: