Global Crackdown Dismantles 4 Botnets Behind Major DDoS Attacks

Summary

International law enforcement, led by the US DOJ and FBI, successfully shut down four major botnets—Aisuru, KimWolf, JackSkid, and Mossad—that hijacked over 3 million IoT devices to conduct record-breaking DDoS attacks capable of moving 30 Terabits per second. The operation involved seizing domains and servers while leveraging support from major tech companies including Google, Amazon, Cloudflare, and others. Despite the takedown, cybersecurity experts warn that the botnet-as-a-service model remains profitable and active, making similar operations likely to resurface under different names without stronger device security and faster patching.

Full text

Cyber CrimeGlobal Crackdown Dismantles 4 Botnets Behind Major DDoS Attacks Global crackdown dismantles Aisuru, KimWolf, JackSkid and Mossad botnets behind major DDoS attack campaigns targeting millions of devices worldwide. byDeeba AhmedMarch 23, 20262 minute read International law enforcement, including the US DOJ and FBI, has successfully shut down the Aisuru, KimWolf, JackSkid, and Mossad botnets. These criminal networks hijacked over three million home devices to launch record-breaking cyberattacks. In a win for cybersecurity, law enforcement agencies from across the globe have successfully dismantled multiple botnets used in large-scale DDoS attacks (Distributed Denial of Service attacks). According to the US Department of Justice, a coordinated operation disrupted four notorious botnets known as Aisuru, KimWolf, JackSkid, and Mossad. For context, botnets are basically armies of hijacked internet-connected everyday items (Also known as Internet of Things or IoT devices), like your home Wi-Fi router, digital video recorder, or security camera, which are forced to work together to target websites or private networks with DDoS attacks. The operation involved seizing internet domains and virtual servers to cut off the link between the hackers and the hijacked devices. Authorities involved in this operation included the FBI, the Defense Criminal Investigative Service (DCIS), the Royal Canadian Mounted Police, and the German federal police. Several tech giants and cybersecurity companies also aided authorities in tracking these botnets. “The US Justice Department thanks Akamai, Amazon Web Services, Cloudflare, DigitalOcean, Epieos, Google, Hydrolix, Lumen, Nokia, Okta, Oracle, PayPal, Registrar of Last Resort, The Shadowserver Foundation, Sony Interactive Entertainment, SpyCloud, Synthient, Team Cymru, Unit 221B, XLAB, and Netherlands Politie and EUROPOL’s PowerOFF team for their assistance provided during this investigation and operation,” DoJ acknowledged in its press release. According to Akamai’s research, these botnets were responsible for some of the largest attacks ever seen. At their peak, they could move 30 Terabits of data per second. That is enough power to cripple the core infrastructure of the internet itself. Research also revealed that by March 2026, these four botnets had compromised over three million devices globally. Their operators used a cybercrime-as-a-service (CaaS) model, renting out these botnets to other hackers. The Aisuru network alone sent out over 200,000 attack commands, while KimWolf issued more than 25,000, the JackSkid launched 90,000 DDoS, and the Mossad botnet sent 1,000 DDoS attack commands. Worse, some victims reported losing tens of thousands of dollars in expenses just to fix the damage caused by these digital attacks. The KimWolf and JackSkid botnets were particularly sneaky, as they could infect devices that were traditionally hidden behind firewalls. Taken together, this takedown shows both how far these cybercriminal operations had scaled and what coordinated global action can achieve when agencies and private companies move in sync. Millions of everyday devices were quietly turned into weapons, often without their owners’ knowledge, highlighting how exposed basic internet hardware still is. While shutting down these four botnets is a major disruption, the model behind them, renting out attack power as a service, is still active and profitable. That also means this is not the end of the problem. The same model, renting out attack power and exploiting weak, unpatched devices, is still out there and still making money. Therefore, without stronger device security, faster updates, and ongoing coordination between governments and tech companies, it would not take much for similar networks to reappear under different names. Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts AisuruBotnetCyber CrimeCybersecurityDDOSFBIIoTJackSkidKimwolfMalwareMossad Leave a Reply Cancel reply View Comments (0) Related Posts Cyber Crime Leaks Security 2 scraped LinkedIn databases with 500m and 827m records sold online None of the databases contain LinkedIn users' passwords; the data in the records is enough for cybercriminals to carry out a number of attacks. byWaqas Cyber Crime DoJ seizes $1 billion in Bitcoin linked to Silk Road marketplace The Feds were able to identify 54 undetected cryptocurrency transactions linked to the seized Silk Road marketplace leading them to seize Bitcoin. byDeeba Ahmed Hacking News Cyber Crime Social Media Some Meta Employees and Security Guards Hacked User Accounts The fired individuals included on-contract security guards who worked for Meta and could access an internal tool for employees. byDeeba Ahmed Cyber Crime Social Media Wanted Florida Man Taunts Police on their Facebook Page, Gets Arrested Florida man who is on the top of the wanted list was found making fun of the cops… byOwais Sultan

Indicators of Compromise

• malware — Aisuru
• malware — KimWolf
• malware — JackSkid
• malware — Mossad