Malware & Ransomware · HIGH

DDoS Botnets Disrupted - Aisuru and Kimwolf Targeted

SecurityWeek
Aisuru · Kimwolf · DDoS · JackSkid · Mossad

Basically, authorities shut down powerful networks used for online attacks.

Quick Summary

An international operation has disrupted major DDoS botnets Aisuru and Kimwolf, impacting over 3 million devices. This highlights the ongoing threat of IoT botnets and the need for robust security measures.

What Happened

On March 20, 2026, the US Justice Department announced a significant operation targeting several notorious DDoS botnets: Aisuru, Kimwolf, JackSkid, and Mossad. This international effort involved collaboration among major cybersecurity firms and law enforcement agencies from Germany and Canada. The operation aimed to disrupt these botnets, which have compromised over 3 million IoT devices like DVRs, cameras, and routers, leading to widespread distributed denial-of-service (DDoS) attacks.

Aisuru has gained notoriety for its record-breaking DDoS attacks, including one that peaked at an astonishing 31.4 Tbps. Kimwolf, viewed as Aisuru's successor focused on Android devices, has also been implicated in significant attacks. The operation not only targeted the botnets but also involved seizing domains and infrastructure used by these cybercriminals.

Who's Being Targeted

The botnets affected by this operation have a broad reach, compromising millions of devices worldwide. Aisuru and Kimwolf are particularly notable for their scale and impact. Aisuru has issued over 200,000 DDoS attack commands, while Kimwolf has issued 25,000 commands. Lesser-known botnets like JackSkid and Mossad also played a role in the attacks, issuing 90,000 and 1,000 commands, respectively.

The targeting of these botnets underscores the growing threat posed by IoT devices, which are often less secure and can be easily exploited. The use of residential proxy networks by these botnets has allowed them to expand their reach significantly, making them a persistent threat.

Signs of Infection

Identifying a compromised device can be challenging, but there are key signs to watch for. Users may notice unusual spikes in internet traffic or slow performance on their devices. Additionally, if devices are unexpectedly rebooting or behaving erratically, they could be part of a botnet.

To protect against such infections, it’s crucial to maintain updated firmware on all IoT devices. Regularly changing passwords and disabling unnecessary features can also help mitigate risks. Users should be vigilant and monitor their devices for any unusual activity.

How to Protect Yourself

To safeguard against DDoS attacks and botnet infections, users should take proactive measures. Here are some recommended actions:

  • Update Firmware: Regularly check for and install updates on all IoT devices.
  • Change Default Passwords: Use strong, unique passwords for each device to enhance security.
  • Monitor Network Traffic: Keep an eye on your network for unusual spikes or unauthorized access.
  • Disable Unused Features: Turn off any features or services on devices that are not in use to reduce vulnerabilities.

By implementing these strategies, users can significantly reduce their risk of falling victim to botnet attacks and contribute to a safer online environment.

🔒 Pro insight: The disruption of these botnets signals a coordinated effort to combat the rising tide of IoT-based DDoS threats, emphasizing the need for continuous vigilance.

Original article from SecurityWeek · Eduard Kovacs
