IoT Botnet Takedown: US, Canada & Germany Disrupt Massive DDoS Attacks
The U.S. Justice Department, alongside authorities in Canada and Germany, announced the disruption of four significant botnets – Aisuru, Kimwolf, JackSkid, and Mossad – responsible for a surge in large-scale distributed denial-of-service (DDoS) attacks. The coordinated action targeted the online infrastructure supporting these botnets, which collectively compromised over three million Internet of Things (IoT) devices, including routers and web cameras.
According to the Justice Department, the botnets have been utilized to launch hundreds of thousands of DDoS attacks, frequently accompanied by extortion demands. Victims have reported financial losses and significant costs associated with mitigating the attacks. Aisuru, the oldest of the four, initiated over 200,000 attack commands, while JackSkid launched at least 90,000. Kimwolf issued more than 25,000 commands, and Mossad was linked to approximately 1,000 attacks.
The Department of Defense Office of Inspector General’s (DoDIG) Defense Criminal Investigative Service (DCIS) executed seizure warrants for U.S.-registered domains, virtual servers, and other infrastructure used in DDoS attacks targeting DoD internet addresses. The law enforcement effort aimed to prevent further device infections and curtail the botnets’ capacity for future attacks.
Aisuru first emerged in late 2024, rapidly gaining momentum and launching record-breaking DDoS attacks by mid-2025 as it infected a growing number of IoT devices. In October 2025, Aisuru was used to propagate Kimwolf, a variant that introduced a new method of spreading, enabling it to infect devices even behind user firewalls. Security firm Synthient publicly disclosed Kimwolf’s vulnerability on January 2, 2026, and the disclosure slowed its spread. Several other IoT botnets subsequently emerged, however, replicating Kimwolf’s techniques while competing for the same vulnerable devices. The JackSkid botnet also targeted systems on internal networks, mirroring Kimwolf’s approach.
While the Justice Department confirmed that law enforcement actions were also undertaken in Canada and Germany targeting individuals allegedly operating the botnets, specific details regarding these individuals remain undisclosed. KrebsOnSecurity reported in late February that a 22-year-old Canadian man is considered a key operator of the Kimwolf botnet, with a 15-year-old in Germany identified as another prime suspect.
Rebecca Day, Special Agent in Charge of the FBI Anchorage Field Office, stated, “By working closely with DCIS and our international law enforcement partners, we collectively identified and disrupted criminal infrastructure used to carry out large-scale DDoS attacks.” The investigation also received assistance from nearly two dozen technology companies.
