International Law Enforcement Disrupts Aisuru and KimWolf Botnets Behind Record 31.4 Tbps DDoS Attack
What Happened — U.S., German and Canadian authorities seized virtual servers, domains and IP addresses used by the Aisuru, KimWolf, JackSkid and Mossad botnets, halting the infrastructure behind the largest DDoS attack ever recorded (31.4 Tbps against Cloudflare in Dec 2025). No arrests were announced, but residences were searched and cryptocurrency seized.
Why It Matters for TPRM —
- Large‑scale DDoS capability resides in compromised IoT devices that may be part of a vendor’s network.
- Disruption of botnet infrastructure can expose gaps in a third‑party’s DDoS mitigation and incident‑response posture.
- Ongoing botnet activity signals a persistent threat to any service relying on internet connectivity, including SaaS and CDN providers.
Who Is Affected — Cloud service providers, CDN operators, telecom carriers, SaaS platforms, and any organization that outsources internet‑facing services.
Recommended Actions — Review your vendors’ DDoS protection contracts, validate their botnet detection and mitigation controls, assess IoT device hygiene in your supply chain, and monitor threat intel feeds for Mirai‑family activity.
Technical Notes — The botnets are variants of the Mirai worm, leveraging compromised Android TV set‑top boxes as residential proxies. The attack vector was malware‑based device hijacking; no specific CVEs were cited. Data types compromised include device credentials and network topology information. Source: DataBreachToday