DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
https://thehackernews.com/2026/03/doj-disrupts-3-million-device-iot.html
Publish Date: 2026-03-20 02:25:00
Source Domain: thehackernews.com
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf, JackSkid, and Mossad as part of a court-authorized law enforcement operation.
The effort also saw authorities from Canada and Germany targeting the operators behind these botnets, with a number of private sector firms, including Akamai, Amazon Web Services, Cloudflare, DigitalOcean, Google, Lumen, Nokia, Okta, Oracle, PayPal, SpyCloud, Synthient, Team Cymru, Unit 221B, and QiAnXin XLab assisting in the investigation efforts.
“The four botnets launched distributed denial-of-service (DDoS) attacks targeting victims around the world,” the DoJ said. “Some of these attacks measured approximately 30 Terabits per second, which were record-breaking attacks.”
In a report last month, Cloudflare attributed AISURU/Kimwolf to a massive 31.4 Tbps DDoS attack that occurred in November 2025 and lasted only 35 seconds. Towards the end of last year, the botnet was also responsible for a series of hyper-volumetric DDoS attacks that had an average size of 3 billion packets per second (Bpps), 4 Tbps, and 54 million requests per second (Mrps).
Independent security journalist Brian Krebs also traced the administrator of Kimwolf to a 23-year-old Jacob Butler (aka Dort) from Ottawa, Canada. Butler told Krebs he has not used the Dort persona since 2021 and claimed someone is impersonating him after compromising his old account.
Butler also said, “he mostly stays home and helps his mom around the house because he struggles with autism and social interaction.” According to Krebs, the other prime suspect is a 15-year-old residing in Germany. No arrests have been announced.
First documented by XLab in December 2025, Kimwolf has conscripted more than 2 million Android devices into its network, most of which are compromised, off-brand Android smart TVs and set-top boxes. It’s an Android-focused version of…
