US, Germany, Canada disrupt botnets that infected millions of devices
United States Department of Justice logo and U.S. flag are seen in this illustration taken April 23, 2025. REUTERS/Dado Ruvic/Illustration
NEW YORK, March 20 : Law enforcement agencies in the United States, Germany and Canada have carried out an operation to take down infrastructure used by four major botnets that infected more than 3 million devices worldwide.
The U.S. Department of Justice said in a statement on Thursday the malicious networks - Aisuru, KimWolf, JackSkid and Mossad - were used to launch distributed denial-of-service (DDoS) attacks, with some Department of Defense websites among the targets.
German police said on Friday law enforcement agencies had identified two suspected administrators of the botnets who will now face legal consequences.
"Searches were conducted at their residences in Germany and Canada, and extensive evidence was seized," it said in a statement. "In addition to numerous data storage devices, cryptocurrencies worth tens of thousands of dollars were also confiscated."
Most infected devices were part of the so-called Internet of Things, or web-connected appliances like webcams, digital video recorders, or Wi-Fi routers, according to the U.S. DOJ.
Operators of the botnets carried out hundreds of thousands of DDoS attacks, targeting computers and servers around the world, including IP addresses owned by the Department of Defense Information Network. In some cases, they demanded payments from their victims, according to the statement.
German police said devices could be compromised without the knowledge of their owners, and those with no security updates or weak passwords were especially at risk.
"Furthermore, resources of the Kimwolf botnet were rented out as a so-called residential proxy network. This allowed third parties to use the infected devices as an anonymization layer for a fee, without the knowledge of the actual owner," police said.
"Today’s disruption of four powerful botnets highlights our commitment to eliminate emerging cyber threats to the Department of Defense and its warfighters,” said Kenneth DeChellis, a special agent in charge at the Department of Defense Investigative Service.
The DOJ statement listed nearly two dozen major tech companies that helped the operation, including Amazon Web Services, Google, PayPal and Nokia, and the PowerOff team of the European Union's law enforcement agency, Europol, whose operation against cybercriminals focusing on DDoS attacks has been running since 2017.
