The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named Aisuru, Kimwolf, JackSkid and Mossad — are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline.
Image: Shutterstock, @Elzicon.
The Justice Department said the Department of Defense Office of Inspector General’s (DoDIG) Defense Criminal Investigative Service (DCIS) executed seizure warrants targeting multiple U.S.-registered domains, virtual servers, and other infrastructure involved in DDoS attacks against Internet addresses owned by the DoD.
The government alleges the unnamed people in control of the four botnets used their crime machines to launch hundreds of thousands of DDoS attacks, often demanding extortion payments from victims. Some victims reported tens of thousands of dollars in losses and remediation expenses.
The oldest of the botnets — Aisuru — issued more than 200,000 attacks commands, while JackSkid hurled at least 90,000 attacks. Kimwolf issued more than 25,000 attack commands, the government said, while Mossad was blamed for roughy 1,000 digital sieges.
The DOJ said the law enforcement action was designed to prevent further infection to victim devices and to limit or eliminate the ability of the botnets to launch future attacks. The case is being investigated by the DCIS with help from the FBI’s field office in Anchorage, Alaska, and the DOJ’s statement credits nearly two dozen technology companies with assisting in the operation.
“By working closely with DCIS and our international law enforcement partners, we collectively identified and disrupted criminal infrastructure used to carry out large-scale DDoS attacks,” said Special Agent in Charge Rebecca Day of the FBI Anchorage Field Office.
Aisuru emerged in late 2024, and by mid-2025 it was launching record-breaking DDoS attacks as it rapidly infected new IoT devices. In October 2025, Aisuru was used to seed Kimwolf, an Aisuru variant which introduced a novel spreading mechanism that allowed the botnet to infect devices hidden behind the protection of the user’s internal network.
On January 2, 2026, the security firm Synthient publicly disclosed the vulnerability Kimwolf was using to propagate so quickly. That disclosure helped curtail Kimwolf’s spread somewhat, but since then several other IoT botnets have emerged that effectively copy Kimwolf’s spreading methods while competing for the same pool of vulnerable devices. According to the DOJ, the JackSkid botnet also sought out systems on internal networks just like Kimwolf.
The DOJ said its disruption of the four botnets coincided with “law enforcement actions” conducted in Canada and Germany targeting individuals who allegedly operated those botnets, although no further details were available on the suspected operators.
In late February, KrebsOnSecurity identified a 22-year-old Canadian man as a core operator of the Kimwolf botnet. Multiple sources familiar with the investigation told KrebsOnSecurity the other prime suspect is a 15-year-old living in Germany.
good work krebs, hopefully we can target franco who lives in the phillipines next, ask him about his work with xlab (they don’t put articles on him, if he feeds information to them about other botnets..)
after all of this i still operate a botnet with 180k+ devices even after facing a court date after all i am unstoppable i am “Kieran Ellison after all”.
Good work DOJ, It amazes me how much havoc a young man from the U.K. can cause. Kieran Ellison. Anyways I’m off to eat curry with para jha.
Kieran Ellison did it
nah the bullies you need, big clue, started in the 1980s. kids, pay attention to fuschia shelves’ lies.
When I first go in DDoS industry, I wasn’t planning on staying in it long. I made my $$$, there’s lots of eyes looking at IOT now, so it’s time to Get The Heck Out. However, I know every skid and their mama, it’s their soaking dream to have something besides moobot.
Just as I forever be free, you will be doomed to mediocracy forever.
just as i watched idiocracy in reno in 2009, so shall you too learn about tuna.
rip syndarks XD, ducky aka kieran Ellison, udp1337, hamlog also known as light the leafon, xpost, snow aka kitty fly hosting DE. I think royale hosting and rustoria never fully recovered after what they did to them. Shaking my head where will I be without all of my boys.
LONG LIVE SKW and all of their allies
I remember vividly the friendship between ‘SNOW’ & Dort. They would play mc together and ddos servers. Dort even made a captcha bypass for discord. ‘Dortgen’ it was ahead of it’s time then.
Allison Nixon from Unit 221B. Will pay for the arrest of Cameron John Wagenius (VarsSec). I hope we don’t meet the same fate brother. If I could I would put money on your books. I remember, I was going to buy the at&t DB from you. Crazy we cross paths once again. That was the night you got fedded. If only I could send you xmr to pay your books.
Sorrow is botless and i own him skeedss
Final broadcast from the Asphalt Botnet Team. We thank every men for the support they gave to this community and us. it was Alex Tyler and Kieran Ellison behind all of this.MTFBWYA. Also Black Lives Matter!
Hailing From The Asphalt Botnet Team. We thank every men for the support they gave to this community. Thanks to Alex & Kieran for bringing all the fun. Thanks to snow for doing what the big firms can’t do~ actually providing stuff thats valuable. And finally MTFBWYA. We are gone. Long live sorrow/ducky. They are behind all of this conspiracy. They support the BLM.
Exciting for the next bombing on the gauzed eyes strip, Krebs. Lemme know when Caesar Augustus and your band of merry fellows in Knotts Berry Farm wanna have a rewatch party of The War Game. Or I guess your star turn in Grosse Point Blanke.
William Shane Habdas
Abigail Habdas
Litchfield. Let’s have a trade all our legal cases are now prosecutable. I call felony on a pair of jeans I guess the world and Bank of the mislabeled IP address called.
Sure, let’s file. Fone seems cool.
it was great fun operating the mossad network with my pals franco and kia, may Kieran Ellison stay on top.
My new network Wuhan/Dongfeng is also going great! over 200k bots now..