The U.S. Justice Department announced on Mar. 19 a coordinated law enforcement operation to disrupt the command and control infrastructure of four major Internet of Things (IoT) botnets—Aisuru, KimWolf, JackSkid, and Mossad—that were responsible for launching large-scale Distributed Denial of Service (DDoS) attacks globally.
The operation is significant because these botnets infected millions of devices worldwide, including digital video recorders, web cameras, and WiFi routers. The attacks reached up to 30 Terabits per second in some cases, setting records for their scale and impact. Victims suffered tens of thousands of dollars in losses and remediation expenses as a result of these cyberattacks.
According to court documents, the operators behind these botnets used a "cybercrime as a service" model by selling access to compromised devices to other cybercriminals. The Aisuru botnet alone issued more than 200,000 DDoS attack commands, while KimWolf issued over 25,000 commands, JackSkid launched more than 90,000 commands, and Mossad was responsible for over 1,000 such attacks. As of March 2026, more than three million devices had been hijacked worldwide by these administrators.
U.S. Attorney Michael J. Heyman for the District of Alaska said: “Today, the United States joined international law enforcement partners in coordinated enforcement actions to disrupt DDoS threats impacting Alaskans and victims around the world. Effective collaboration bolsters our collective ability to combat emerging threats. The United States is steadfast in our commitment to safeguarding critical internet infrastructure and fighting the cybercriminals who jeopardize its security, wherever they might live.”
Special Agent in Charge Kenneth DeChellis of the Department of Defense Office of Inspector General’s Defense Criminal Investigative Service (DCIS), Cyber Field Office said: “Today’s disruption of four powerful botnets highlights our commitment to eliminate emerging cyber threats to the Department of Defense and its warfighters. Cybercriminals infiltrate infrastructure beyond physical borders and DCIS participates in international operations to help safeguard the Department’s global footprint. Collaboration among law enforcement and industry partners has proven vital to this success.”
Special Agent in Charge Rebecca Day of the FBI Anchorage Field Office added: “By working closely with DCIS and our international law enforcement partners, we collectively identified and disrupted criminal infrastructure used to carry out large-scale DDoS attacks. This operation reflects the strength of that collaboration and our shared commitment to combatting cybercrime and protecting victims worldwide.”
The investigation was led by DoDIG DCIS with assistance from the FBI Anchorage Field Office. Law enforcement agencies from Canada—including Royal Canadian Mounted Police (RCMP), Ontario Provincial Police (OPP), Sûreté du Québec (SQ)—and Germany's Bundeskriminalamt (BKA) also participated in related operations targeting both administrators and infrastructure associated with these botnets.
Several private sector companies provided support during this investigation including Akamai, Amazon Web Services, Cloudflare, DigitalOcean, Google, PayPal among others.
Assistant U.S. Attorney Adam Alexander is prosecuting this matter for the District of Alaska.
Authorities encourage anyone with information about these or other DDoS threats to contact them at DCIS-PowerOff@DoDIG.mil.
