Federal authorities in the United States, Canada, and Germany have successfully dismantled the infrastructure supporting four destructive botnets that compromised more than three million Internet of Things devices, including routers and web cameras. The coordinated law enforcement action targeted Aisuru, Kimwolf, JackSkid, and Mossad—networks responsible for launching record-breaking distributed denial-of-service attacks capable of overwhelming virtually any target.
Three nations dismantle four major IoT botnets
The U.S. Justice Department, working through the Department of Defense Office of Inspector General's Criminal Investigative Service, executed seizure warrants against multiple U.S.-registered domains, virtual servers, and related infrastructure used in DDoS campaigns. The botnets were responsible for hundreds of thousands of attacks, with operators frequently demanding extortion payments from victims. Some targeted organizations reported losses exceeding tens of thousands of dollars in recovery and remediation costs.
Millions of devices compromised in DDoS campaigns
Aisuru, the oldest of the four networks, issued over 200,000 attack commands, while JackSkid launched at least 90,000 strikes. Kimwolf orchestrated more than 25,000 attacks, and Mossad conducted approximately 1,000 digital assaults. Aisuru emerged in late 2024 and rapidly escalated to record-breaking attack volumes by mid-2025 as it infected new devices. The botnet later spawned Kimwolf in October 2025, introducing an innovative spreading mechanism that targeted systems protected by internal network security.
Coordinated takedown targets criminal infrastructure and operators
The vulnerability enabling Kimwolf's rapid propagation became public knowledge on January 2, 2026, when security researchers disclosed the flaw. Though this disclosure slowed Kimwolf's expansion, competing botnets have since adopted similar techniques to exploit vulnerable IoT devices. JackSkid similarly focused on compromising systems within internal networks.
Future threat landscape shifts to emerging variants
The Justice Department coordinated with the FBI's Anchorage Field Office and approximately two dozen technology companies to identify and eliminate the criminal infrastructure. Law enforcement also conducted parallel operations in Canada and Germany targeting individuals allegedly operating these botnets, though additional details remain undisclosed. The action aims to prevent further device infections and substantially reduce the botnets' capacity for future attacks.