
- An international operation has disrupted four global botnets
- The botnets operated over 3 million devices for DDoS attacks
- The US, Canada, and Germany worked together to disrupt infrastructure and individuals
A global botnet responsible for a record-breaking 31.4 Tbps DDoS attack has been disrupted by an international operation.
Law enforcement from the United States, Germany, and Canada targeted Command and Control (C2) infrastructure, virtual servers, and internet domains used to infect Internet of Things (IoT) devices.
The US Justice Department said the infrastructure was being used by Aisuru, KimWolf, JackSkid, and Mossad, and contained more than three million infected devices across the globe.
Global botnet disruption
The Justice Department explained that the operation was conducted simultaneously, with partners in Canada and Germany targeting the individuals responsible for operating the botnets.
“Some of these attacks measured approximately 30 Terabits per second, which were record-breaking attacks,” the Justice Department added.
The Aisuru botnet has been used in numerous record-breaking DDoS attacks, including a 15.72 Tbps attack against Microsoft Azure. The KimWolf botnet operated over 1.8 million Android devices, while the Justice Department said the lesser-known JackSkid group has “launched more than 90,000 DDoS attack commands.” The Mossad botnet launched over 1,000 attack commands.
DDoS botnets usually consist of internet-connected ‘smart’ devices such as digital video recorders, web cameras, or Wi-Fi routers, but almost any internet-connected device can be used as part of a botnet.
The companies responsible for creating these internet-connected devices often do not roll out regular software updates, leaving the devices at risk of being hijacked. For example, the KimWolf botnet was largely made up of smart TV and media devices.
“Today, the United States joined international law enforcement partners in coordinated enforcement actions to disrupt DDoS threats impacting Alaskans and victims around the world,” said U.S. Attorney Michael J. Heyman for the District of Alaska.
“Effective collaboration bolsters our collective ability to combat emerging threats. The United States is steadfast in our commitment to safeguarding critical internet infrastructure and fighting the cybercriminals who jeopardize its security, wherever they might live.”