The US Justice Department said it has taken action to disrupt a network of cybercriminal botnets used to carry out large-scale internet attacks that infected more than 3 million devices globally. The operation targeted four botnets — Aisuru, KimWolf, JackSkid and Mossad — which were used to launch Distributed Denial of Service (DDoS) attacks worldwide. The action was carried out with support from law enforcement agencies in Canada and Germany. Officials said the botnets had infected millions of devices, including routers and cameras, and were used to carry out cyberattacks and extortion attempts.
Operation targets global cyber infrastructure
The Justice Department said the operation focused on shutting down command and control infrastructure used by the botnets. Authorities seized U.S.-based domains and servers linked to the activity. The action was carried out by the Defense Criminal Investigative Service (DCIS) with support from the FBI.The botnets were also linked to attacks on systems connected to the Department of Defense.
Millions of devices infected
According to court documents, the botnets infected more than three million devices globally, including hundreds of thousands in the United States. Most affected devices were Internet of Things (IoT) products such as cameras, digital recorders and WiFi routers.“According to court documents, the four botnets targeted in the operation together infected millions of devices worldwide. The majority of these devices were IoT devices, such as digital video recorders, web cameras, or WiFi routers,” reads an official release by the Justice Department.Some botnets targeted devices that are usually protected behind firewalls. “The KimWolf and JackSkid botnets are accused of targeting and infecting devices which are traditionally “firewalled” from the rest of the internet. The infected devices were enslaved by the botnet operators,” the department said.
Used for large-scale cyberattacks
Officials said the infected devices were controlled by cybercriminals and used to launch attacks.The botnets carried out hundreds of thousands of DDoS attacks. Some attacks reached speeds of up to 30 terabits per second. The Aisuru botnet issued over 200,000 attack commands, while KimWolf, JackSkid and Mossad also carried out thousands of attacks.“Court documents allege that the Aisuru botnet issued more than 200,000 DDoS attack commands, the KimWolf botnet issued more than 25,000 DDoS attack commands, the JackSkid botnet launched more than 90,000 DDoS attack commands and the Mossad botnet launched more than 1,000 DDoS attack commands,” the department said in a press release.Some victims reported financial losses and costs linked to fixing the attacks.
International coordination and response
The operation was carried out along with law enforcement agencies in Germany and Canada. U.S. Attorney Michael J. Heyman said, “The United States is steadfast in our commitment to safeguarding critical internet infrastructure and fighting the cybercriminals who jeopardize its security.”DCIS Special Agent Kenneth DeChellis said, “Cybercriminals infiltrate infrastructure beyond physical borders and DCIS participates in international operations to help safeguard the Department’s global footprint.”FBI Special Agent Rebecca Day said, “This operation reflects the strength of that collaboration and our shared commitment to combatting cybercrime and protecting victims worldwide.” The Justice Department said the action is aimed at preventing further attacks and stopping the spread of infections.
