International law enforcement, including the US DOJ and FBI, has successfully shut down the Aisuru, KimWolf, JackSkid, and Mossad botnets. These criminal networks hijacked over three million home devices to launch record-breaking cyberattacks.
In a win for cybersecurity, law enforcement agencies from across the globe have successfully dismantled multiple botnets used in large-scale DDoS attacks (Distributed Denial of Service attacks). According to the US Department of Justice, a coordinated operation disrupted four notorious botnets known as Aisuru, KimWolf, JackSkid, and Mossad.
For context, botnets are basically armies of hijacked internet-connected everyday items (Also known as Internet of Things or IoT devices), like your home Wi-Fi router, digital video recorder, or security camera, which are forced to work together to target websites or private networks with DDoS attacks.
The operation involved seizing internet domains and virtual servers to cut off the link between the hackers and the hijacked devices. Authorities involved in this operation included the FBI, the Defense Criminal Investigative Service (DCIS), the Royal Canadian Mounted Police, and the German federal police. Several tech giants and cybersecurity companies also aided authorities in tracking these botnets.
“The US Justice Department thanks Akamai, Amazon Web Services, Cloudflare, DigitalOcean, Epieos, Google, Hydrolix, Lumen, Nokia, Okta, Oracle, PayPal, Registrar of Last Resort, The Shadowserver Foundation, Sony Interactive Entertainment, SpyCloud, Synthient, Team Cymru, Unit 221B, XLAB, and Netherlands Politie and EUROPOL’s PowerOFF team for their assistance provided during this investigation and operation,” DoJ acknowledged in its press release.
According to Akamai’s research, these botnets were responsible for some of the largest attacks ever seen. At their peak, they could move 30 Terabits of data per second. That is enough power to cripple the core infrastructure of the internet itself.
Research also revealed that by March 2026, these four botnets had compromised over three million devices globally. Their operators used a cybercrime-as-a-service (CaaS) model, renting out these botnets to other hackers.
The Aisuru network alone sent out over 200,000 attack commands, while KimWolf issued more than 25,000, the JackSkid launched 90,000 DDoS, and the Mossad botnet sent 1,000 DDoS attack commands.
Worse, some victims reported losing tens of thousands of dollars in expenses just to fix the damage caused by these digital attacks. The KimWolf and JackSkid botnets were particularly sneaky, as they could infect devices that were traditionally hidden behind firewalls.
Taken together, this takedown shows both how far these cybercriminal operations had scaled and what coordinated global action can achieve when agencies and private companies move in sync. Millions of everyday devices were quietly turned into weapons, often without their owners’ knowledge, highlighting how exposed basic internet hardware still is.
While shutting down these four botnets is a major disruption, the model behind them, renting out attack power as a service, is still active and profitable. That also means this is not the end of the problem. The same model, renting out attack power and exploiting weak, unpatched devices, is still out there and still making money.
Therefore, without stronger device security, faster updates, and ongoing coordination between governments and tech companies, it would not take much for similar networks to reappear under different names.
Deeba Ahmed
