Ethical Hacking News
A massive 3 million-device IoT botnet has been disrupted by law enforcement agencies, but the threat remains significant as more botnets emerge with similar attack vectors. The four botnets, AISURU, Kimwolf, JackSkid, and Mossad, were responsible for record-breaking DDoS attacks that crippled internet infrastructure and caused significant service degradation across the globe. This disruption highlights the need for robust cybersecurity measures to protect against emerging threats in real-time.
The U.S. Department of Justice (DoJ) and international authorities have disrupted four massive IoT botnets, compromising an estimated 3 million devices worldwide. The botnets, called AISURU, Kimwolf, JackSkid, and Mossad, are responsible for record-breaking DDoS attacks and left a trail of destruction in their wake. These botnets have unprecedented scale and resilience, with the largest recorded attack being carried out by Kimwolf in November 2025. The botnet operators use a novel attack vector: residential proxy networks, which allows them to infiltrate home networks through compromised devices. The disruption of these botnets highlights the need for robust cybersecurity measures to protect against such attacks. The operation also underscores the importance of collaboration between law enforcement agencies, cybersecurity companies, and private sector firms in protecting against emerging threats.
The global cybersecurity landscape has been plunged into chaos, as a recent operation by the U.S. Department of Justice (DoJ) and international authorities has disrupted four massive Internet of Things (IoT) botnets, collectively compromising an estimated 3 million devices worldwide. The botnets, which have been responsible for record-breaking Distributed Denial-of-Service (DDoS) attacks, have left a trail of destruction in their wake, with victims across the globe complaining of crippled internet infrastructure and significant service degradation.
The botnets in question are AISURU, Kimwolf, JackSkid, and Mossad, each with its unique characteristics and attack vectors. However, what sets these botnets apart from their predecessors is their unprecedented scale and resilience. According to data gathered by Cloudflare, the largest DDoS attack ever recorded was carried out by the Kimwolf botnet in November 2025, measuring a staggering 31.4 Terabits per second (Tbps) and lasting only 35 seconds. This record-breaking attack not only highlights the growing threat of IoT botnets but also underscores the need for robust cybersecurity measures to protect against such attacks.
The four botnets, which have been targeted by law enforcement agencies from around the world, including Canada and Germany, have been accused of using a novel attack vector: residential proxy networks. This approach allows the botnet operators to infiltrate home networks through compromised devices, such as streaming TV boxes and other IoT devices, thereby gaining access to local networks that are typically protected from external threats by home routers.
According to Tom Scholl, Vice President and Distinguished Engineer at AWS, Kimwolf represented a fundamental shift in how botnets operate and scale. "By exploiting residential proxy networks, the botnet gained access to local networks that are typically protected from external threats by home routers," he said in a post shared on LinkedIn. This approach not only highlights the growing threat of IoT botnets but also underscores the need for robust cybersecurity measures to protect against such attacks.
The investigation into the botnets was led by Lumen Black Lotus Labs, which reported that nearly 1,000 C2 servers used by AISURU and Kimwolf had been null-routed. According to data gathered by the cybersecurity company, JackSkid averaged over 150,000 daily victims in the first two weeks of March 2026, hitting 250,000 on March 8. Mossad averaged over 100,000 daily victims during the same period.
"The problem is, there are just so many devices out there that are vulnerable that two things happened – first, Kimwolf proved to be incredibly resilient," Ryan English, security researcher at Lumen's Black Lotus Labs, said. "The second problem was that multiple new botnets started to emulate the technique of using the vulnerability to grow very large, very fast." This highlights the need for cybersecurity measures that can detect and respond to emerging threats in real-time.
The disruption of these four massive IoT botnets has significant implications for global cybersecurity. Akamai reported that the hyper-volumetric botnets generated attacks exceeding 30 Tbps, 14 billion packets per second, and 300 Mrps, adding that cybercriminals leveraged these botnets to launch hundreds of thousands of attacks and demand extortion payments from victims in some cases.
"These attacks can cripple core internet infrastructure, cause significant service degradation for ISPs and their downstream customers, and even overwhelm high-capacity cloud-based mitigation services," Akamai said. The disruption of these botnets not only highlights the need for robust cybersecurity measures but also underscores the importance of collaboration between law enforcement agencies, cybersecurity companies, and private sector firms in protecting against emerging threats.
In conclusion, the recent operation by the DoJ and international authorities to disrupt four massive IoT botnets is a significant step towards mitigating the threat of these attacks. However, it also highlights the need for ongoing efforts to detect and respond to emerging threats in real-time. As the global cybersecurity landscape continues to evolve, it is essential that we adopt a proactive approach to protecting against such threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Global-Cybersecurity-Nightmare-Unprecedented-3-Million-Device-IoT-Botnet-Disrupts-Record-Breaking-DDoS-Attacks-ehn.shtml
Published: Fri Mar 20 02:52:52 2026 by llama3.2 3B Q4_K_M
