US Departments of Justice and Defense crush four massive botnets totaling 3,000,000 devices — botnets responsible for a combined 316,000 DDoS attacks globally


The U.S. Department of Justice (DoJ) and its network of partners are on quite a roll lately, scoring the third botnet takedown in this calendar month alone. Not content with putting a stake through the hearts of LeakBase and SocksEscort, the DoJ brought offline the combination of networks known as Aisuru, Kimwolf, JackSkid, and Mossad.

The operation took out the command-and-control servers for a total of 3 million devices and had the help of the U.S. Department of Defense, Canada, Germany, and a group of major internet connectivity players, including Akamai, Amazon, and Cloudflare. The Defense Criminal Investigative Service seized multiple domains, virtual servers, and "other infrastructure."


As of right now, no arrests have been reported, though German and Canadian authorities reportedly have their eyes on potential targets, namely a 15-year-old from Germany and a Canadian 22-year-old who is presumed to be the infamous Kimwolf operator, alias "Dort."


The bulk of those infected devices belong to the rather large Aisuru and Kimwolf botnets, both of which were in the news recently due to the scale of the DDoS attacks performed through them. Most notably, the largest attack was performed in late January, smashing worldwide records at 31.4 Tb/s, enough bandwidth to take entire countries offline.

The Aisuru botnet primarily targets networking and adjacent gear, such as home and office routers, IP cameras, Wi-Fi access points, and gateways. Kimwolf's favorite nourishment, meanwhile, is Android-based devices such as TV boxes, Smart TVs, Android tablets, and digital photo frames. Many of these devices come with Android debugging mode enabled from the factory, and sometimes with preinstalled exploitable firmware, namely on cheap, no-name IPTV piracy set-top boxes.

The DoJ says that Aisuru was responsible for about 200,000 DDoS attacks, while Kimwolf scored 25,000, JackSkid 90,000, and Mossad 1,000. Some of those attacks made the bold move of striking at IP ranges owned by the US DoD.


Bruno Ferreira is a contributing writer for Tom's Hardware. He has decades of experience with PC hardware and assorted sundries, alongside a career as a developer. He's obsessed with detail and has a tendency to ramble on the topics he loves. When not doing that, he's usually playing games, or at live music shows and festivals.
