Law Enforcement Takes Down Four Massive IoT Botnets Behind 30 Tbps DDoS Floods
What Happened — The U.S. Department of Justice, together with international partners, seized control of four IoT‑focused botnets—Aisuru, KimWolf, JackSkid and Mossad—that had been used to launch record‑setting DDoS attacks exceeding 30 Tbps. The operation dismantled the command‑and‑control infrastructure and seized domains and servers linked to the criminal service.
Why It Matters for TPRM —
- IoT devices are often sourced from third‑party manufacturers with limited security hygiene, creating a supply‑chain attack surface.
- Botnet‑as‑a‑service can turn compromised vendor‑owned hardware into a weapon against your customers or partners, inflating remediation costs.
- Disruption of critical services via DDoS can breach service‑level agreements and damage reputation, even when no data is stolen.
Who Is Affected — Telecommunications, cloud service providers, financial institutions, healthcare networks, and any organization that relies on third‑party IoT hardware (e.g., DVRs, webcams, Wi‑Fi routers).
Recommended Actions —
- Conduct an inventory of all IoT assets and verify they are sourced from vetted vendors.
- Enforce strong authentication, firmware patching, and network segmentation for all IoT endpoints.
- Integrate DDoS detection and mitigation services into your third‑party risk program.
- Require vendors to provide evidence of a secure development lifecycle (SDL) and of their incident‑response capabilities.
Technical Notes — The botnets leveraged malware that infected millions of consumer‑grade IoT devices, many of which lacked outbound firewall rules. Operators sold access to the botnets on a cyber‑crime‑as‑a‑service model, enabling hundreds of thousands of short‑duration UDP floods. No specific CVE was cited; the threat stemmed from insecure default configurations and lack of firmware updates. Source: Help Net Security
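The two conditions named above, IoT endpoints without outbound firewall rules and short bursts of UDP toward a single destination, are both visible in flow telemetry from the IoT segment. The following Python is an added illustration written for this brief; it is not code from Help Net Security, the DOJ operation, or any of the named botnets. The flow records, the IoT subnet, the egress allowlist and the packet-rate threshold are all constructed or hypothetical values chosen for the example.

```python
"""Added example: flag IoT hosts whose flows look like DDoS bot traffic.

Two defender-side checks over NetFlow-style records (constructed here):
  1. egress-policy violations: an IoT segment that should only reach a few
     allowlisted services (hypothetical list below) is talking elsewhere;
  2. short-duration UDP floods: a source emitting a high UDP packet rate
     toward one destination inside a short time window.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    ts: float       # seconds since epoch (constructed)
    src: str
    dst: str
    proto: str      # "udp" or "tcp"
    dport: int
    packets: int
    bytes: int


IOT_SEGMENT = ip_network("10.20.0.0/24")   # hypothetical IoT VLAN

# Hypothetical egress allowlist for the IoT segment: (destination, proto, port).
# Anything else leaving the segment is an outbound-policy violation.
EGRESS_ALLOW = {
    ("10.20.0.1", "udp", 53),       # local resolver
    ("10.20.0.1", "udp", 123),      # local NTP
    ("203.0.113.10", "tcp", 443),   # vendor firmware-update endpoint (TEST-NET-3)
}

# Constructed sample: one well-behaved camera (10.20.0.15) and one host
# (10.20.0.42) that bursts UDP at an outside address and beacons elsewhere.
SAMPLE_FLOWS = [
    Flow(0.0, "10.20.0.15", "10.20.0.1", "udp", 123, 2, 180),
    Flow(1.0, "10.20.0.15", "203.0.113.10", "tcp", 443, 40, 31000),
    Flow(2.0, "10.20.0.15", "10.20.0.1", "udp", 53, 20, 1600),
    Flow(5.0, "10.20.0.42", "198.51.100.7", "udp", 80, 60000, 60000 * 1200),
    Flow(8.0, "10.20.0.42", "198.51.100.7", "udp", 80, 45000, 45000 * 1200),
    Flow(9.0, "10.20.0.42", "192.0.2.9", "tcp", 7777, 3, 240),
    Flow(9.5, "192.0.2.50", "10.20.0.15", "tcp", 443, 5, 400),   # inbound, ignored
]


def egress_violations(flows):
    """Return flows that leave the IoT segment but are not on the allowlist."""
    out = []
    for f in flows:
        if ip_address(f.src) not in IOT_SEGMENT:
            continue                      # only outbound from the IoT VLAN
        if (f.dst, f.proto, f.dport) not in EGRESS_ALLOW:
            out.append(f)
    return out


def udp_flood_sources(flows, window_s=10.0, pps_threshold=1000):
    """Return {src: peak_pps} for sources whose UDP packet rate toward a
    single destination reaches pps_threshold in any window_s-second bucket."""
    buckets = defaultdict(int)           # (src, dst, window_index) -> packets
    for f in flows:
        if f.proto != "udp":
            continue
        buckets[(f.src, f.dst, int(f.ts // window_s))] += f.packets
    peaks = {}
    for (src, _dst, _win), pkts in buckets.items():
        pps = pkts / window_s
        if pps >= pps_threshold:
            peaks[src] = max(peaks.get(src, 0.0), pps)
    return peaks


if __name__ == "__main__":
    for f in egress_violations(SAMPLE_FLOWS):
        print(f"egress violation: {f.src} -> {f.dst}:{f.dport}/{f.proto}")
    for src, pps in udp_flood_sources(SAMPLE_FLOWS).items():
        print(f"possible UDP flood source: {src} peak {pps:.0f} pps")
```

The egress check is the cheaper and more robust of the two: a device that only ever needs DNS, NTP and its vendor's update host has no reason to reach anything else, so every unexpected destination is worth a ticket regardless of volume. The rate check catches the flood itself; tune `window_s` and `pps_threshold` to the real baseline of the segment, since the short bursts described above can sit well under a long-window average.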