Authorities Disrupt IoT Botnet Infrastructure Behind Record-Breaking 30 Tbps DDoS Attacks
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Authorities have successfully dismantled the command-and-control (C2) infrastructure powering four massive Internet of Things (IoT) botnets.<\/p>\n
The U.S. Justice Department, collaborating closely with Canadian and German agencies, targeted the administrators and architecture behind the Aisuru<\/a>, KimWolf, JackSkid, and Mossad botnets.<\/p>\n Together, these malicious networks infected over three million devices globally and launched catastrophic Distributed Denial of Service (DDoS) attacks, with peak volumetric traffic reaching an unprecedented 30 Terabits per second (Tbps).<\/p>\n The botnets primarily weaponized vulnerable IoT infrastructure, including digital video recorders, web cameras, and enterprise WiFi routers. The threat actors built an expansive botnet army by exploiting poor default security postures and known vulnerabilities.<\/p>\n Notably, the operators behind the KimWolf and JackSkid botnets demonstrated sophisticated evasion capabilities, specifically targeting and infecting devices that were traditionally isolated and positioned behind network firewalls.<\/p>\n Once compromised, these devices were enslaved into a massive \u201ccybercrime-as-a-service\u201d platform. The administrators monetized their illicit infrastructure by leasing access to other threat actors, effectively democratizing the ability to launch highly disruptive volumetric and application-layer DDoS attacks<\/a>.<\/p>\n These attacks targeted servers worldwide, notably including critical infrastructure and IP addresses owned by the Department of Defense Information Network (DoDIN).<\/p>\n