Ethical Hacking News
Operation PowerOFF: The Global Crackdown on RapperBot Botnet – A 22-year-old man from Oregon has been charged with developing and overseeing a notorious DDoS-for-hire botnet, which has been used to conduct over 370,000 attacks targeting victims in over 80 countries.
The U.S. Department of Justice has charged Ethan Foltz, a 22-year-old man from Oregon, with developing and overseeing the RapperBot botnet since at least 2021. RapperBot is a highly sophisticated DDoS-for-hire botnet that primarily compromises devices such as Digital Video Recorders (DVRs) or Wi-Fi routers by infecting them with specialized malware. The botnet has been implicated in numerous high-profile attacks, including DDoS attacks and cryptojacking, targeting over 18,000 unique victims across the globe since April 2025. Prosecutors allege that Foltz and his co-conspirators have monetized RapperBot by providing access to a powerful DDoS botnet used in over 370,000 attacks. Foltz faces up to 10 years in prison if convicted of aiding and abetting computer intrusions.
The world of cybersecurity has witnessed yet another high-profile crackdown on a notorious botnet, this time targeting one known as RapperBot. According to the U.S. Department of Justice (DoJ), Ethan Foltz, a 22-year-old man from Oregon, has been charged with developing and overseeing this distributed denial-of-service (DDoS)-for-hire botnet since at least 2021. This case marks a significant milestone in the ongoing efforts to dismantle criminal DDoS-for-hire infrastructures worldwide.
The RapperBot botnet, also known as 'Eleven Eleven Botnet' and 'CowBot,' is a highly sophisticated network that primarily compromises devices such as Digital Video Recorders (DVRs) or Wi-Fi routers at scale by infecting those devices with specialized malware. Clients of RapperBot then issue commands to those infected victim devices, forcing them to send large volumes of 'distributed denial-of-service' (DDoS) traffic to different victim computers and servers located throughout the world.
The botnet's origins can be traced back to early 2022, when it was first publicly documented by Fortinet. However, early campaigns were observed as far back as May 2021. Since then, RapperBot has been implicated in numerous high-profile attacks, including DDoS attacks targeting DeepSeek and X, as well as cryptojacking, where the botnet was used to profit off the compromised devices' compute resources by illicitly mining Monero.
Prosecutors allege that Foltz and his co-conspirators have been monetizing RapperBot by providing paying customers access to a powerful DDoS botnet that has been used to conduct over 370,000 attacks, targeting 18,000 unique victims across China, Japan, the United States, Ireland and Hong Kong from April 2025 to early August. The botnet is believed to have comprised roughly 65,000 to 95,000 infected victim devices, capable of pulling off DDoS attacks that measured between two and three terabits per second (Tbps), with the largest attack likely exceeding 6 Tbps.
The investigation into RapperBot was part of an ongoing international effort called Operation PowerOFF, which aims to dismantle criminal DDoS-for-hire infrastructures worldwide. In addition to Foltz's arrest, law enforcement authorities conducted a search of his residence on August 6, 2025, seizing administrative control of the botnet infrastructure.
Foltz faces a maximum penalty of 10 years in prison if convicted of aiding and abetting computer intrusions. His case serves as a stark reminder of the ever-evolving nature of cyber threats and the need for continued vigilance from law enforcement agencies worldwide.
In recent months, we have seen an uptick in high-profile botnet takedowns, with notable examples including the ERMAC V3.0 banking Trojan source code leak and Cisco's warning of a CVSS 10.0 FMC RADIUS flaw allowing remote code execution. These cases highlight the ongoing cat-and-mouse game between cybercriminals and law enforcement agencies.
As we move forward in this digital landscape, it is clear that cybersecurity remains an ever-evolving challenge. The efforts to dismantle RapperBot serve as a shining example of international cooperation and the power of concerted effort in combating these types of threats.
In conclusion, the RapperBot case serves as a stark reminder of the importance of vigilance in the face of evolving cyber threats. As we continue to navigate this complex digital landscape, it is essential that we remain aware of the dangers posed by botnets like RapperBot and take proactive steps to protect ourselves against these types of attacks.
Published: Wed Aug 20 01:00:04 2025 by llama3.2 3B Q4_K_M