Authorities Mess Up IoT

Authorities have successfully taken down the command-and-control (C2) networks that run four huge Internet of Things (IoT) botnets. The U.S. Justice Department worked closely with Canadian and German agencies to go after the people in charge of the Aisuru, KimWolf, JackSkid, and Mossad botnets.

Together, these malicious networks infected more than three million devices around the world and launched devastating Distributed Denial of Service (DDoS) attacks that sent an unprecedented 30 Terabits per second (Tbps) of traffic. The botnets mostly weaponized weak IoT infrastructure, such as digital video recorders, web cameras, and enterprise WiFi routers. The operators built a huge botnet army by taking advantage of weak default security settings and known flaws.

The people behind the KimWolf and JackSkid botnets were very good at getting around security measures. They specifically went after and infected devices that were normally protected by network firewalls and not directly reachable from the internet. Once these devices were compromised, they became part of a huge "cybercrime-as-a-service" platform.

The administrators made money off of their illegal infrastructure by renting it out to other threat actors. This made it possible for anyone to launch very disruptive volumetric and application-layer DDoS attacks. These attacks hit servers all over the world, including important infrastructure and IP addresses owned by the Department of Defense Information Network (DoDIN).

| Botnet Family | Attack Commands Issued | Primary Target Focus |
| --- | --- | --- |
| Aisuru | > 200,000 | Global infrastructure and servers |
| JackSkid | > 90,000 | IoT devices behind firewalls |
| KimWolf | > 25,000 | IoT devices with firewalls |
| Mossad | > 1,000 | General IoT devices |

The size of the combined botnets made it possible for threat actors to run hundreds of thousands of coordinated campaigns.

Victims of these record-breaking 30 Tbps attacks had to deal with a lot of downtime, which cost them tens of thousands of dollars in remediation and lost revenue. In a lot of cases, the attackers used this huge amount of attack power as a threat, extorting targeted businesses into paying to stop the malicious traffic. By March 2026, hundreds of thousands of the three million devices that were infected around the world were in the United States.

The operational takedown was all about cutting off the communication lines between the infected IoT endpoints and the threat actors' C2 architecture. The Defense Criminal Investigative Service (DCIS), with help from the FBI Anchorage Field Office, carried out a number of seizure warrants on U.S.-registered internet domains, virtual servers, and other cyber infrastructure used by the botnet operators. Germany's Bundeskriminalamt (BKA) and Canada's Royal Canadian Mounted Police (RCMP) took legal action and made arrests at the same time to stop the people who were running the networks.

This operation shows how important it is for the public and private sectors to share threat intelligence in today's security environment.

A large group of tech and security companies, such as Akamai, Amazon Web Services, Cloudflare, The Shadowserver Foundation, and Team Cymru, helped law enforcement. This shared knowledge helped the authorities map out the huge C2 networks and carry out a coordinated disruption. This made it very hard for the operators to send out more attack commands and stopped future infections.
