Oregon man charged in large-scale DDoS-for-hire botnet investigation

Michael J. Heyman, U.S. Attorney for the District of Alaska | www.justice.gov


An Oregon resident has been charged in the District of Alaska with offenses related to the creation and operation of the “Rapper Bot” DDoS-for-hire botnet. The federal criminal complaint, announced on August 19, 2025, alleges that Ethan Foltz, 22, from Eugene, Oregon, was responsible for managing Rapper Bot.

Court documents state that Rapper Bot—also known as “Eleven Eleven Botnet” and “CowBot”—compromised devices such as digital video recorders and WiFi routers using specialized malware. Clients reportedly used these infected devices to launch distributed denial-of-service (DDoS) attacks against computers and servers worldwide.

Investigators allege that Foltz and his associates profited by providing paying customers access to this botnet. According to the complaint, Rapper Bot targeted victims in over 80 countries. Targets included a U.S. government network, a social media platform, and several U.S. technology companies. Between April 2025 and the present, more than 370,000 attacks were conducted on 18,000 unique victims.

The complaint details that Rapper Bot operated roughly 65,000 to 95,000 infected devices at any given time. These devices enabled regular DDoS attacks typically measuring two to three terabits per second; one attack may have surpassed six terabits per second. Investigators found that at least five infected devices in Alaska were used in these attacks.

According to court filings, DDoS attacks have become more powerful over time and can result in financial losses due to lost revenue and increased costs for affected organizations. An average attack lasting half a minute could cost victims anywhere from $500 to $10,000. Some clients allegedly leveraged these attack volumes for extortion purposes.

On August 6, law enforcement executed a search warrant at Foltz’s residence in Oregon. Authorities subsequently disabled Rapper Bot’s attack functions and gained administrative control over it. Since transferring control of the botnet to the Defense Criminal Investigative Service (DCIS), no new attacks have been reported by private sector partners.

“Rapper Bot was one of the most powerful DDoS botnets to ever exist, but the outstanding investigatory work by DCIS cyber agents and support of my office and industry partners has put an end to Foltz’s time as administrator and effectively disrupted the activities of this transnational criminal group,” said U.S. Attorney Michael J. Heyman for the District of Alaska. “Our office remains committed to disrupting and dismantling cyber criminals that threaten internet security and infrastructure in the District of Alaska and across the United States.”

“Today’s announcement highlights the ongoing efforts by law enforcement to disrupt and dismantle emerging cyber threats targeting the Department of Defense and the defense industrial base,” said Special Agent in Charge Kenneth DeChellis of the Department of Defense Office of Inspector General, DCIS, Cyber Field Office. “The Rapper Bot malware was a clear threat, and the focused efforts of DCIS, our industry partners, and the federal prosecutors at the U.S. Attorney’s Office in Alaska sends a clear signal to those who would harm the DoD’s personnel, infrastructure, and intellectual property that their actions will come at a cost.”

Foltz faces one count of aiding and abetting computer intrusions with a maximum penalty of ten years’ imprisonment if convicted; sentencing will be determined by a federal district court judge following consideration of relevant guidelines.

The case is being investigated by DCIS with assistance from several organizations including Akamai Technologies Inc., Amazon Web Services Inc., Cloudflare Inc., Digital Ocean LLC., Flashpoint Intelligence LLC., Google LLC., PayPal Holdings Inc., Unit 221B LLC., as well as support from Operation PowerOFF—a global law enforcement initiative targeting criminal DDoS-for-hire services.

Assistant U.S. Attorney Adam Alexander is prosecuting this matter.

A criminal complaint is only an allegation; all defendants are presumed innocent until proven guilty beyond reasonable doubt.
