US Dismantles Massive Aisuru & Kimwolf Botnets Behind Record DDoS Attacks

U.S. authorities on Thursday dismantled four major botnets – Aisuru, Kimwolf, JackSkid, and Mossad – used to launch some of the largest distributed denial-of-service (DDoS) attacks on record, the Justice Department announced. The operation, conducted in collaboration with Canadian and German law enforcement, targeted the command-and-control (C2) infrastructure underpinning the networks, which collectively had compromised more than three million devices.

The takedown involved the execution of seizure warrants for U.S.-registered domains, virtual servers, and other infrastructure used in DDoS attacks against Department of Defense internet addresses, according to the Justice Department. No arrests have been announced; authorities in Canada and Germany are pursuing individuals believed to be operating the botnets.

Aisuru and Kimwolf, identified as the most potent of the four, have been linked to a record-breaking DDoS attack last November against a Cloudflare customer that peaked at 31.4 terabits per second. That volume of malicious traffic was nearly three times larger than any previously observed DDoS attack, according to Cloudflare. The combined capacity of the two botnets was described as equivalent to the simultaneous online activity of the populations of the United Kingdom, Germany, and Spain.

The botnets were operated as DDoS-for-hire services, renting out access to their compromised devices and enabling paying customers to disrupt targets ranging from gaming platforms such as Minecraft servers to cybersecurity journalism outlets. Brian Krebs, a cybersecurity journalist who has extensively reported on botnet activity, was a repeated target of attacks originating from the Aisuru botnet last year.

The Justice Department stated that the operation aims to prevent further device infections and curtail the botnets' ability to launch future attacks. According to the government's assessment, Aisuru issued more than 200,000 attack commands, JackSkid at least 90,000, and Kimwolf more than 25,000, while Mossad was responsible for approximately 1,000 attacks.

All four botnets are variants of Mirai, an internet-of-things (IoT) botnet that first emerged in 2016. Mirai gained notoriety for its large-scale attacks, including a 2016 incident that disrupted access to approximately 175,000 websites by targeting the DNS provider Dyn. Mirai's source code was publicly released that same year and has since served as the foundation for numerous subsequent IoT botnets.

Aisuru infected a diverse range of devices, including DVRs, network appliances, and webcams, while Kimwolf primarily compromised Android-based devices such as smart TVs and set-top boxes. The U.S. Attorney's office has not yet commented on the identity of the Cloudflare customer targeted in the November attack.

“The United States is steadfast in our commitment to safeguarding critical internet infrastructure and fighting the cybercriminals who jeopardize its security, wherever they might live,” stated U.S. Attorney Michael J. Heyman. The investigation was led by the Defense Criminal Investigative Service, with assistance from the FBI’s field office in Anchorage, Alaska, and support from nearly two dozen technology companies.
