The digital landscape faced a significant disruption this week as U.S. law enforcement dismantled four major botnets – JackSkid, Mossad, Aisuru, and Kimwolf – responsible for some of the largest and most disruptive distributed denial-of-service (DDoS) attacks ever recorded. The coordinated takedown, announced Thursday by the Department of Justice, represents a substantial effort to combat the growing threat of cybercrime and protect critical internet infrastructure. These botnets, comprising over 3 million compromised devices, were not only used to launch attacks themselves but were also frequently rented out to other malicious actors, amplifying their reach and impact.
DDoS attacks overwhelm a target server with traffic, rendering it inaccessible to legitimate users. The scale of these attacks has been steadily increasing, posing a serious risk to businesses, government agencies, and essential online services. The dismantling of these botnets is a critical step in mitigating this threat, but experts warn that the underlying problem of vulnerable internet-connected devices remains a significant challenge. The collaborative effort involving the U.S. Department of Justice, the Defense Criminal Investigative Service, and international partners in Canada and Germany underscores the global nature of cybercrime and the need for coordinated responses.
The Aisuru and Kimwolf botnets, in particular, gained notoriety for their unprecedented attack capabilities. According to cybersecurity firm Cloudflare, these two botnets, working in tandem, unleashed a staggering cyberattack last November that peaked at 31.4 terabits per second (Tbps). This attack, lasting just 35 seconds, was nearly three times larger than any previously recorded DDoS attack, demonstrating the immense power and potential for disruption these botnets possessed. The sheer volume of malicious traffic is described by Cloudflare as equivalent to the combined online activity of the populations of the United Kingdom, Germany, and Spain simultaneously hitting ‘enter’ on a website address.
The Anatomy of a Botnet: How Devices Are Compromised
Botnets are built upon networks of compromised computers and internet-connected devices – often without the owners’ knowledge. These devices, ranging from everyday electronics like DVRs, webcams, and smart TVs to more complex network appliances, are infected with malware that allows attackers to remotely control them. The Mirai botnet, which first emerged in 2016, pioneered this approach, exploiting vulnerabilities in internet-of-things (IoT) devices. The Aisuru, Kimwolf, JackSkid, and Mossad botnets are all considered variants of Mirai, demonstrating the enduring legacy of this early malware.
The appeal of IoT devices to botnet operators lies in their often-weak security measures and widespread availability. Many consumers fail to change default passwords or regularly update their devices’ software, leaving them vulnerable to exploitation. Once a device is compromised, it becomes a “bot” – a silent participant in the botnet, ready to be commanded by the attacker. The operators then leverage these vast networks of bots to launch DDoS attacks, send spam, steal data, or engage in other malicious activities. The Justice Department stated that the four botnets taken down collectively controlled more than 3 million devices, highlighting the scale of this problem.
Record-Breaking Attacks and Targeted Victims
The Aisuru botnet, in particular, has been linked to a series of high-profile attacks in recent months. Cybersecurity journalist Brian Krebs, a frequent target of DDoS attacks, was repeatedly targeted by the Aisuru botnet last year. Krebs, known for his in-depth investigations into the cybercrime underworld, has been a vocal critic of botnet operators and their activities. The botnet’s capabilities were also demonstrated in attacks against gaming services, including Minecraft, disrupting online gameplay for thousands of users. KrebsOnSecurity detailed the attacks, noting the botnet’s ability to blanket U.S. Internet service providers with malicious traffic.
The November 2025 attack orchestrated by Aisuru and Kimwolf against a Cloudflare customer reached an unprecedented 31.4 Tbps, surpassing previous records by a significant margin. While Cloudflare has not disclosed the identity of the targeted customer, the attack underscored the potential for these botnets to cripple even well-protected online services. The speed of the attack – peaking in just 35 seconds – further highlights the sophistication and efficiency of the botnet infrastructure. This event prompted a detailed DDoS threat report from Cloudflare, outlining the growing trend of hyper-volumetric HTTP DDoS attacks.
The Global Response and Ongoing Investigation
The U.S. Department of Justice’s takedown of these botnets was a collaborative effort, extending beyond national borders. Authorities in Canada and Germany simultaneously targeted individuals believed to be operating the botnets, demonstrating a unified front against cybercrime. While no arrests have been announced at this time, the investigation is ongoing, and further legal action is expected. U.S. Attorney Michael J. Heyman emphasized the government’s commitment to safeguarding critical internet infrastructure and pursuing those who threaten its security, stating, “The United States is steadfast in our commitment to safeguarding critical internet infrastructure and fighting the cybercriminals who jeopardize its security, wherever they might live.”
The dismantling of these botnets involved removing the command-and-control servers that allowed attackers to control the compromised devices. By taking down these servers, law enforcement effectively severed the connection between the attackers and their botnet armies, rendering the compromised devices harmless. However, experts caution that this is not a permanent solution. Botnet operators are constantly developing new techniques to evade detection and rebuild their networks. The ongoing evolution of malware and the increasing number of vulnerable IoT devices necessitate a continuous and proactive approach to cybersecurity.
Looking Ahead: Protecting Against Future Threats
The takedown of Aisuru, Kimwolf, JackSkid, and Mossad represents a significant victory in the fight against cybercrime, but it is only one battle in an ongoing war. The proliferation of vulnerable IoT devices and the increasing sophistication of botnet operators pose a continuing threat to internet security. According to Cloudflare, DDoS attacks surged by 121% in 2025, reaching an average of 5,376 attacks automatically mitigated every hour. The total number of DDoS attacks more than doubled to 47.1 million in 2025, with network-layer attacks accounting for 78% of all incidents in the fourth quarter.
Protecting against future threats requires a multi-faceted approach. Consumers can take steps to secure their own devices by changing default passwords, regularly updating software, and disabling unnecessary features. Businesses and organizations should invest in robust cybersecurity measures, including DDoS mitigation services and intrusion detection systems. International cooperation and information sharing are essential to effectively combat cybercrime on a global scale. The collaborative effort demonstrated in this recent takedown serves as a model for future partnerships in the fight against malicious actors online.
The incident serves as a stark reminder of the interconnectedness of the digital world and the importance of cybersecurity for all internet users. As our reliance on online services continues to grow, protecting critical infrastructure from DDoS attacks and other cyber threats will remain a paramount concern.
Authorities are continuing to investigate the individuals behind these botnets, and further updates are expected in the coming weeks. The Department of Justice has not yet announced a timeline for potential arrests or prosecutions. We will continue to monitor this developing story and provide updates as they become available.