Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation

Summary

The US Department of Justice announced a successful international operation to disrupt four major IoT botnets—Aisuru, Kimwolf, JackSkid, and Mossad—that collectively compromised over 3 million devices including DVRs, cameras, and routers. The botnets issued more than 315,000 DDoS attack commands, with Aisuru and Kimwolf linked to a record-breaking 31.4 Tbps DDoS attack in February 2026. Law enforcement in the US, Germany, and Canada seized infrastructure including domains, virtual servers, and other assets used by the botnet operators.

Full text

The US Justice Department on Thursday announced the results of an international operation to disrupt several IoT botnets used by threat actors to launch distributed denial-of-service (DDoS) attacks. The operation targeted the Aisuru, Kimwolf, JackSkid, and Mossad botnets and involved several major cybersecurity and tech companies, as well as law enforcement in Germany and Canada. Authorities said the botnets have compromised more than 3 million devices as of March 2026, including DVRs, cameras, Wi-Fi routers, and other IoT devices. Aisuru has made headlines over the past several months for its massive DDoS attacks, including several record-breaking attacks. It is tightly connected to Kimwolf, which is essentially Aisuru’s Android-focused successor. Kimwolf was in the spotlight for abusing residential proxy networks to expand and for ensnaring roughly 2 million devices. Aisuru and Kimwolf were both linked by Cloudflare in February to the largest DDoS attack recorded to date, which peaked at 31.4 Tbps.Advertisement. Scroll to continue reading. According to the DoJ, cybercriminals used the Aisuru botnet to issue over 200,000 DDoS attack commands, while Kimwolf issued 25,000 such commands. JackSkid and Mossad are lesser-known botnets, but the DoJ said they issued 90,000 and 1,000 DDoS attack commands, respectively. AWS, which was involved in the takedown, reported that just like Kimwolf, the JackSkid botnet used residential proxy networks to grow. The botnet disruption efforts included seizing multiple internet domains, virtual servers, and other infrastructure used by Aisuru, Kimwolf, JackSkid, and Mossad. The DoJ said law enforcement agencies in Canada and Germany “conducted their own operations targeting botnet administrators and botnet infrastructure”, but did not say whether anyone was arrested. Related: SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown Related: Tycoon 2FA Phishing Platform Dismantled in Global Takedown Related: RedVDS Cybercrime Service Disrupted by Microsoft and Law Enforcement Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs CISA Warns of Attacks Exploiting Recent SharePoint VulnerabilityCisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware AttacksIranian Hackers Likely Used Malware-Stolen Credentials in Stryker BreachResearcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t PatchUK Companies House Exposed Details of Millions of Firms Google, Meta, Microsoft Among Signatories of Pact to Combat ScamsOracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential ImpactHacking Attempt Reported at Poland’s Nuclear Research Center Latest News Critical Langflow Vulnerability Exploited Hours After Public DisclosureOasis Security Raises $120 Million for Agentic Access Management1stProtect Emerges From Stealth With $20 Million in FundingCritical ScreenConnect Vulnerability Exposes Machine KeysPrivacy Platform Cloaked Raises $375M to Expand Enterprise ReachIran Readied Cyberattack Capabilities for Response Prior to Epic FuryMarquis Data Breach Affects 672,000 IndividualsSecurity Firm Aura Discloses Data Breach Impacting 900,000 Records Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the MoveSecurityBridge has promoted Holger Hügel to Chief Technology Officer.Armis has appointed Simon Mouyal as Chief Marketing Officer.Omada has named Jakob H. Kraglund as Chief Executive Officer.More People On The MoveExpert Insights The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How to 10x Your Vulnerability Management Program in the Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• malware — Aisuru
• malware — Kimwolf
• malware — JackSkid
• malware — Mossad