Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation

The US Justice Department on Thursday announced the results of an international operation to disrupt several IoT botnets used by threat actors to launch distributed denial-of-service (DDoS) attacks. The operation targeted the Aisuru, Kimwolf, JackSkid, and Mossad botnets and involved several major cybersecurity and tech companies, as well as law enforcement in Germany and Canada. Authorities said the botnets have compromised more than 3 million devices as of March 2026, including DVRs, cameras, Wi-Fi routers, and other IoT devices. Aisuru has made headlines over the past several months for its massive DDoS attacks, including several record-breaking attacks. It is tightly connected to Kimwolf, which is essentially Aisuru’s Android-focused successor. Kimwolf was in the spotlight for abusing residential proxy networks to expand and for ensnaring roughly 2 million devices.  Aisuru and Kimwolf were both linked by Cloudflare in February to the largest DDoS attack recorded to date, which peaked at 31.4 Tbps. According to the DoJ, cybercriminals used the Aisuru botnet to issue over 200,000 DDoS attack commands, while Kimwolf issued 25,000 such commands. JackSkid and Mossad are lesser-known botnets, but the DoJ said they issued 90,000 and 1,000 DDoS attack commands, respectively.  AWS, which was involved in the takedown, reported that just like Kimwolf, the JackSkid botnet used residential proxy networks to grow. The botnet disruption efforts included seizing multiple internet domains, virtual servers, and other infrastructure used by Aisuru, Kimwolf, JackSkid, and Mossad. The DoJ said law enforcement agencies in Canada and Germany “conducted their own operations targeting botnet administrators and botnet infrastructure”, but did not say whether anyone was arrested. Related: SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown Related: Tycoon 2FA Phishing Platform Dismantled in Global Takedown Related: RedVDS Cybercrime Service Disrupted by Microsoft and Law Enforcement WRITTEN BY Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t Patch UK Companies House Exposed Details of Millions of Firms  Google, Meta, Microsoft Among Signatories of Pact to Combat Scams Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact Hacking Attempt Reported at Poland’s Nuclear Research Center Latest News Oasis Security Raises $120 Million for Agentic Access Management 1stProtect Emerges From Stealth With $20 Million in Funding Critical ScreenConnect Vulnerability Exposes Machine Keys Privacy Platform Cloaked Raises $375M to Expand Enterprise Reach Iran Readied Cyberattack Capabilities for Response Prior to Epic Fury Marquis Data Breach Affects 672,000 Individuals Security Firm Aura Discloses Data Breach Impacting 900,000 Records Hacker Conversations: Ben Harris, From Unintentional Young Hacker to Intentional Adult CEO Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move SecurityBridge has promoted Holger Hügel to Chief Technology Officer. Armis has appointed Simon Mouyal as Chief Marketing Officer. Omada has named Jakob H. Kraglund as Chief Executive Officer. More People On The Move Expert Insights The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How To 10x Your Vulnerability Management Program In The Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose A Critical Flaw In Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat As Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How To Eliminate The Technical Debt Of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Flipboard Reddit Whatsapp Email