SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

US-led raid disrupts record DDoS botnets worldwide

Tue, 24th Mar 2026

US authorities have disrupted command-and-control infrastructure used by the Aisuru, KimWolf, JackSkid and Mossad botnets in a coordinated operation with law enforcement agencies in Canada and Germany.

The four Internet of Things botnets were used to launch distributed denial-of-service attacks against victims around the world, according to the US Justice Department. Some reached about 30 terabits per second, which authorities described as record-breaking.

During the operation, the Defence Criminal Investigative Service executed seizure warrants targeting US-registered internet domains, virtual servers and other infrastructure that investigators allege was used in cyber-enabled criminal activity. That included DDoS attacks against IP addresses owned by the Department of Defence Information Network.

Court documents cited by prosecutors allege that the four botnets infected millions of devices worldwide. Most of the compromised systems were IoT devices such as digital video recorders, web cameras and Wi-Fi routers.

Investigators said the KimWolf and JackSkid botnets targeted devices usually shielded from the wider internet by firewalls. Once infected, the devices were controlled by operators who sold access to other cyber criminals under a cybercrime-for-hire model.

Authorities allege that those operators and their customers used the hijacked devices in hundreds of thousands of DDoS attacks against computers and servers worldwide. As of March 2026, more than three million devices had allegedly been hijacked globally, including hundreds of thousands in the United States.

Some victims reported losses and remediation costs of tens of thousands of dollars. Prosecutors said some attacks were also paired with extortion demands.

Court filings allege that Aisuru issued more than 200,000 DDoS attack commands. KimWolf allegedly issued more than 25,000, JackSkid more than 90,000 and Mossad more than 1,000.

International action

Canadian and German authorities carried out parallel measures targeting people alleged to have operated the botnets, as well as related infrastructure. US authorities identified the international partners as Germany's Bundeskriminalamt and Cologne's cyber prosecution office, along with the Royal Canadian Mounted Police, Ontario Provincial Police and Sûreté du Québec.

The operation aimed to disrupt communications linked to the four botnets, prevent further infections and limit their ability to launch additional attacks. The Defence Criminal Investigative Service led the investigation with assistance from the FBI Anchorage Field Office.

Michael J. Heyman, US Attorney for the District of Alaska, described the action as a cross-border effort. "Today, the United States joined international law enforcement partners in coordinated enforcement actions to disrupt DDoS threats impacting Alaskans and victims around the world," he said. "Effective collaboration bolsters our collective ability to combat emerging threats. The United States is steadfast in our commitment to safeguarding critical internet infrastructure and fighting the cybercriminals who jeopardize its security, wherever they might live."

Kenneth DeChellis, special agent in charge of the Department of Defence Office of Inspector General's Defence Criminal Investigative Service Cyber Field Office, said the case underscored the risks cyber attacks pose to military networks and related systems. "Today's disruption of four powerful botnets highlights our commitment to eliminate emerging cyber threats to the Department of Defence and its warfighters," he said. "Cybercriminals infiltrate infrastructure beyond physical borders and DCIS participates in international operations to help safeguard the Department's global footprint. Collaboration among law enforcement and industry partners has proven vital to this success."

Rebecca Day, special agent in charge of the FBI Anchorage Field Office, said investigators worked with domestic and overseas partners to identify and disable the infrastructure. "By working closely with DCIS and our international law enforcement partners, we collectively identified and disrupted criminal infrastructure used to carry out large-scale DDoS attacks," she said. "This operation reflects the strength of that collaboration and our shared commitment to combatting cybercrime and protecting victims worldwide."

US authorities also acknowledged assistance from a broad group of private-sector and non-profit organisations, including cloud providers, network operators, cybersecurity groups and payment companies, as well as Europol's PowerOFF team and Netherlands police.