Cybersecurity News. Archived Mar 20, 2026.
Authorities Disrupt IoT Botnet Infrastructure Behind Record-Breaking 30 Tbps DDoS Attacks
Authorities have successfully dismantled the command-and-control (C2) infrastructure powering four massive Internet of Things (IoT) botnets.
The U.S. Justice Department, collaborating closely with Canadian and German agencies, targeted the administrators and architecture behind the Aisuru, KimWolf, JackSkid, and Mossad botnets.
Together, these malicious networks infected over three million devices globally and launched catastrophic Distributed Denial of Service (DDoS) attacks, with peak volumetric traffic reaching an unprecedented 30 Terabits per second (Tbps).
The botnets were built primarily from vulnerable IoT devices, including digital video recorders, web cameras, and enterprise Wi-Fi routers. The operators assembled this large infected population by exploiting weak default configurations and known, unpatched vulnerabilities.
Notably, the KimWolf and JackSkid botnets went a step further than typical IoT botnets: their operators were able to reach and infect devices positioned behind network firewalls, a class of device that earlier IoT botnets had generally left untouched.
Once compromised, these devices were enslaved into a massive “cybercrime-as-a-service” platform. The administrators monetized their illicit infrastructure by leasing access to other threat actors, effectively democratizing the ability to launch highly disruptive volumetric and application-layer DDoS attacks.
These attacks targeted servers worldwide, notably including critical infrastructure and IP addresses owned by the Department of Defense Information Network (DoDIN).
Botnet family   Attack commands issued   Primary target focus
Aisuru          > 200,000                Global infrastructure and servers
JackSkid        > 90,000                 Firewalled IoT devices
KimWolf         > 25,000                 Firewalled IoT devices
Mossad          > 1,000                  General IoT devices
The combined scale of the botnets allowed the operators to issue hundreds of thousands of attack commands. Victims of the record-breaking 30 Tbps attacks suffered severe operational downtime, with remediation costs and direct financial losses running to tens of thousands of dollars.
In many instances, the cybercriminals leveraged this overwhelming attack capacity as a coercive tool, demanding extortion payments from targeted organizations to halt the malicious traffic flow. As of March 2026, hundreds of thousands of the three million globally infected devices were located within the United States.
The operational takedown focused on surgically severing the communication channels between the infected IoT endpoints and the threat actors’ C2 architecture.
The Defense Criminal Investigative Service (DCIS), supported by the FBI Anchorage Field Office, executed numerous seizure warrants targeting U.S.-registered internet domains, virtual servers, and related cyber infrastructure utilized by the botnet operators.
Simultaneous legal actions and target apprehensions were conducted by Germany’s Bundeskriminalamt (BKA) and Canada’s Royal Canadian Mounted Police (RCMP) to disable the individuals operating the networks.
This operation underscores the critical necessity of public-private threat intelligence sharing in the modern security landscape. Law enforcement agencies were supported by a vast coalition of technology and security firms, including Akamai, Amazon Web Services, Cloudflare, The Shadowserver Foundation, and Team Cymru.
This collective intelligence allowed authorities to map the vast C2 networks and execute a coordinated disruption, severely limiting the operators’ ability to issue further attack commands and preventing future infections.