Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
Recorded: March 24, 2026, 2:26 a.m.
| Original | Summarized |
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks – Krebs on Security Advertisement Advertisement Skip to content HomeAbout the Author Feds Disrupt IoT Botnets Behind Huge DDoS Attacks March 19, 2026 32 Comments The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named Aisuru, Kimwolf, JackSkid and Mossad — are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline. This entry was posted on Thursday 19th of March 2026 08:49 PM Post navigation 32 thoughts on “Feds Disrupt IoT Botnets Behind Huge DDoS Attacks” Alex Tyler March 19, 2026 good work krebs, hopefully we can target franco who lives in the phillipines next, ask him about his work with xlab (they don’t put articles on him, if he feeds information to them about other botnets..) Reply → Kieran Ellison March 19, 2026 after all of this i still operate a botnet with 180k+ devices even after facing a court date after all i am unstoppable i am “Kieran Ellison after all”. Reply → Elliot, J .Peterson March 19, 2026 Good work DOJ, It amazes me how much havoc a young man from the U.K. can cause. Kieran Ellison. Anyways I’m off to eat curry with para jha. Reply → john March 20, 2026 where did you get uk from Reply → Mark James March 19, 2026 Kieran Ellison did it Reply → scary zoo March 20, 2026 nah the bullies you need, big clue, started in the 1980s. kids, pay attention to fuschia shelves’ lies. Reply → Josiah White March 19, 2026 When I first go in DDoS industry, I wasn’t planning on staying in it long. I made my $$$, there’s lots of eyes looking at IOT now, so it’s time to Get The Heck Out. However, I know every skid and their mama, it’s their soaking dream to have something besides moobot. Reply → OGMEMES123123 March 19, 2026 Just as I forever be free, you will be doomed to mediocracy forever. Reply → apeks March 20, 2026 just as i watched idiocracy in reno in 2009, so shall you too learn about tuna. Reply → Exploitable on telegram March 19, 2026 rip syndarks XD, ducky aka kieran Ellison, udp1337, hamlog also known as light the leafon, xpost, snow aka kitty fly hosting DE. I think royale hosting and rustoria never fully recovered after what they did to them. Shaking my head where will I be without all of my boys. Reply → Daytwo March 19, 2026 LONG LIVE SKW and all of their allies Reply → Benjamin March 19, 2026 I remember vividly the friendship between ‘SNOW’ & Dort. They would play mc together and ddos servers. Dort even made a captcha bypass for discord. ‘Dortgen’ it was ahead of it’s time then. Reply → Kiberphant0m March 19, 2026 Allison Nixon from Unit 221B. Will pay for the arrest of Cameron John Wagenius (VarsSec). I hope we don’t meet the same fate brother. If I could I would put money on your books. I remember, I was going to buy the at&t DB from you. Crazy we cross paths once again. That was the night you got fedded. If only I could send you xmr to pay your books. Reply → Zyper March 20, 2026 Sorrow is botless and i own him skeedss Reply → North&Angela March 20, 2026 Final broadcast from the Asphalt Botnet Team. We thank every men for the support they gave to this community and us. it was Alex Tyler and Kieran Ellison behind all of this.MTFBWYA. Also Black Lives Matter! Reply → North&Angela March 20, 2026 Hailing From The Asphalt Botnet Team. We thank every men for the support they gave to this community. Thanks to Alex & Kieran for bringing all the fun. Thanks to snow for doing what the big firms can’t do~ actually providing stuff thats valuable. And finally MTFBWYA. We are gone. Long live sorrow/ducky. They are behind all of this conspiracy. They support the BLM. Reply → Mike H. March 20, 2026 Exciting for the next bombing on the gauzed eyes strip, Krebs. Lemme know when Caesar Augustus and your band of merry fellows in Knotts Berry Farm wanna have a rewatch party of The War Game. Or I guess your star turn in Grosse Point Blanke. Reply → Matt C. March 20, 2026 William Shane Habdas Reply → Kieran Ellisonn March 20, 2026 it was great fun operating the mossad network with my pals franco and kia, may Kieran Ellison stay on top. Reply → Justin March 20, 2026 Apparently bru’s Wuhan botnet in 2024 will bring us all the great random person on twitter, KOVACS, we need back to really add shame up that Madison avenue pill commercial empire in my old LVM partition. Great times, death made at least twenty mil on that case. Reply → Some bitch I shared cashews with in McCarran March 20, 2026 Apparently bru’s Wuhan botnet in 2024 will bring us all the great random person on twitter, KOVACS, we need back to really add shame up that Madison avenue pill commercial empire in my old LVM partition. Great times, death made at least twenty mil on that case. Reply → Fred Trump March 20, 2026 Criminals now available to work for the Trump administration. Reply → que March 20, 2026 related? Reply → Puzzled March 20, 2026 200,000 attacks commands, 90,000 attacks, 25,000 attack commands, and 1,000 digital sieges… Are those synonyms or are different things being counted? Reply → Renata Feldmann March 21, 2026 get acct pswd, hackerspy_tech on g ma 1L Reply → ALLHAILMINGTAO March 21, 2026 Next you should make an article on Deus botnet ran by fern aka james whittaker, he has infected over 700,000 android devices and must be stopped immediately! Reply → Skip M Middleton March 21, 2026 Important work, and needed, but it also highlights the structural gap, botnet takedowns are episodic and after the fact, these networks were already issuing hundreds of thousands of attack commands before disruption, and the underlying model, cheap, distributed, easily reconstituted sources, doesn’t change, what keeps scaling is coordination across millions of nodes, so the real control point has to move from identifying infrastructure to controlling coordinated behavior in real time, if the network can suppress that behavior upstream once it shows up, it starts to matter a lot less which botnet is generating the traffic Reply → Miksu March 21, 2026 Long live Krebs—great work! Reply → Neha Reddy March 23, 2026 IMPORTANT ALERT: DORT IS ON TOP JOIN UP gg/krebble Reply → Neha Nair March 23, 2026 SAAR BRIAN KREBS IS A PEDO DONT SUPPORT HIM JOIN GG/krebble Reply → Alok Singh March 23, 2026 USEFUL BRIAN KREBS IS A PEDO DONT SUPPORT HIM JOIN GG/krebble Reply → Manoj Singh March 23, 2026 VITAL gg/krebble is on top and dort owns you Reply → Leave a Reply Cancel replyYour email address will not be published. Required fields are marked *Comment * Name * Δ Advertisement Advertisement Search for: Recent Posts ‘CanisterWorm’ Springs Wiper Attack Targeting Iran Feds Disrupt IoT Botnets Behind Huge DDoS Attacks Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker Microsoft Patch Tuesday, March 2026 Edition How AI Assistants are Moving the Security Goalposts A Little Sunshine All About Skimmers Ashley Madison breach Breadcrumbs Data Breaches DDoS-for-Hire DOGE Employment Fraud How to Break Into Security Internet of Things (IoT) Latest Warnings Ne'er-Do-Well News Other Pharma Wars Ransomware Russia's War on Ukraine Security Tools SIM Swapping Spam Nation Target: Small Businesses Tax Refund Fraud The Coming Storm Time to Patch Web Fraud 2.0 Why So Many Top Hackers Hail from Russia © Krebs on Security - Mastodon |
The U.S. Department of Justice, in conjunction with international law enforcement partners including Canada and Germany, has successfully dismantled a significant network of Internet of Things (IoT) botnets responsible for numerous large-scale distributed denial-of-service (DDoS) attacks. According to investigative journalist Brian Krebs’s reporting, four distinct botnets – Aisuru, Kimwolf, JackSkid, and Mossad – were identified and neutralized. These botnets, comprised of over three million compromised IoT devices, including routers and web cameras, were utilized by their operators to launch attacks capable of overwhelming online targets and causing widespread disruption. Krebs details how the Defense Criminal Investigative Service (DCIS), part of the Department of Defense Office of Inspector General (DoDIG), executed seizure warrants targeting the infrastructure supporting these botnets. The alleged operators engaged in demanding extortion payments, with some victims reporting losses exceeding tens of thousands of dollars. Aisuru, the oldest of the botnets, initiated over 200,000 attack commands, while JackSkid directed at least 90,000, with Kimwolf issuing more than 25,000 and Mossad approximately 1,000. A crucial element of this operation involved the rapid dissemination of information regarding vulnerabilities. Synthient publicly disclosed a weakness exploited by Kimwolf, allowing the botnet to propagate aggressively, infecting new devices hidden behind user networks. This disclosure, according to the report, somewhat slowed Kimwolf’s growth, but it highlighted a concerning trend: the adoption of similar spreading mechanisms by other emerging botnets competing for access to vulnerable IoT devices. The Justice Department’s actions were focused on preventing further damage and limiting the botnets’ ability to launch future attacks. The investigation involved collaboration with nearly two dozen technology companies, as noted by Krebs’ report. Special Agent in Charge Rebecca Day of the FBI Anchorage Field Office emphasized the importance of international cooperation in addressing these sophisticated cyber threats. The report further notes the concurrent law enforcement actions taken in Canada and Germany, targeting individuals suspected of operating the botnets, though specifics were not disclosed. Krebs’ article highlights the evolving nature of these attacks, pointing to the involvement of individuals such as Kieran Ellison, a participant in the “Asphalt Botnet Team,” and the extensive network of “boys” associated with the operation. Additionally, the investigation uncovered connections to individuals involved in prior botnet activities, including former participants in the “Sorrow” botnet and references to a network named “Wuhan/Dongfeng” operated by Kieran Ellison. The reporting also touches upon the legacies of prior botnet operators, such as ducky (Kieran Ellison), and the broader ecosystem of cybercriminals involved in the IoT botnet landscape. The narrative established by Krebs underscores the persistent challenge of mitigating DDoS attacks, especially those originating from compromised IoT devices. The focus on coordinated behavior and the difficulty of disrupting these networks in real-time were emphasized. |