DOJ Disrupts 3‑Million‑Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Assault
What Happened — The U.S. Department of Justice, in coordination with Canadian and German authorities, seized command‑and‑control (C2) servers used by four large IoT botnets (AISURU, Kimwolf, JackSkid, Mossad). The seizure cut the operators off from an estimated 3 million compromised devices that had together generated a record‑setting 31.4 Tbps of distributed denial‑of‑service (DDoS) traffic. A C2 takedown does not clean the devices themselves: until their owners change the default credentials, patch or replace them, they remain open to re‑recruitment by the next operator who scans for them.
Why It Matters for TPRM —
- IoT devices embedded in third‑party products become a large attack surface when they ship with default credentials or cannot be patched; the vendor's provisioning choices become your exposure.
- A single botnet of this size can take global services offline, so downstream customers carry operational risk even when none of their own systems are infected.
- Law‑enforcement takedowns highlight the need for continuous monitoring of supply‑chain threat intelligence.
Who Is Affected — Cloud‑service providers, telecom operators, manufacturing firms, energy utilities, and any organization that integrates third‑party IoT hardware or firmware.
Recommended Actions —
- Review every IoT vendor's security‑by‑design posture and firmware update process; at a minimum, look for unique per‑device credentials or a forced password change at first boot, and signed firmware updates with a stated support lifetime.
- Put IoT devices in their own network segment with deny‑by‑default egress: allow only the vendor's update and telemetry endpoints, and alert on what gets dropped, since blocked C2 beacons and outbound flood traffic are the first sign a device has been recruited.
- Subscribe to threat‑intel feeds that track IoT botnet activity and incorporate alerts into vendor risk dashboards.
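The segmentation and egress‑filtering recommendation above is easiest to make concrete as a policy you can both enforce and audit. The Python below is an added example written for this brief; it is not code from the article, from the DOJ, or from any vendor named above. Everything in it is an assumption chosen for illustration: the IoT VLAN 10.50.0.0/24, a single vendor update endpoint in the TEST‑NET‑3 range, an internal resolver/NTP host, the one‑line flow‑record layout, the 1,000 packets/s UDP threshold, and the constructed sample flows. It renders the allow‑list as an nftables forward‑chain fragment (default drop with logging) and audits flow records against the same list, flagging egress to unexpected destinations (where a C2 connection would surface) and devices pushing outbound UDP at flood rates.

```python
"""Egress allow-list for an IoT segment: audit flow records against it and
render the same policy as nftables rules.

Added example for this brief; not code from the article, the DOJ, or any vendor
named in it. The subnet, endpoints, record layout, threshold and sample flows
are all assumptions chosen for illustration.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

IOT_SEGMENT = ipaddress.ip_network("10.50.0.0/24")          # assumed IoT VLAN

# Deny-by-default egress policy: (destination, protocol, destination port).
EGRESS_ALLOW = [
    (ipaddress.ip_network("203.0.113.10/32"), "tcp", 443),  # vendor update/telemetry (assumed)
    (ipaddress.ip_network("10.0.0.53/32"), "udp", 53),      # internal resolver (assumed)
    (ipaddress.ip_network("10.0.0.53/32"), "udp", 123),     # internal NTP (assumed)
]

# Outbound UDP above this many packets per second from one device is treated as
# flood participation rather than telemetry. Illustrative; tune per device class.
UDP_FLOOD_PPS = 1000


@dataclass(frozen=True)
class Flow:
    ts: int                      # epoch seconds (one-second buckets for rate checks)
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str                   # "tcp", "udp", "icmp"
    dport: int                   # 0 for icmp
    bytes: int
    packets: int


def parse_flow(line: str) -> Flow:
    """Parse one summarised flow record: ts src dst proto dport bytes packets."""
    ts, src, dst, proto, dport, nbytes, pkts = line.split()
    return Flow(int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto.lower(), int(dport), int(nbytes), int(pkts))


def is_egress(flow: Flow) -> bool:
    """A flow leaving the IoT segment for anywhere outside it."""
    return flow.src in IOT_SEGMENT and flow.dst not in IOT_SEGMENT


def is_allowed(flow: Flow) -> bool:
    """Egress flows must match an allow-list entry; non-egress flows are out of scope."""
    if not is_egress(flow):
        return True
    return any(flow.dst in net and flow.proto == proto and flow.dport == port
               for net, proto, port in EGRESS_ALLOW)


def audit(lines):
    """Return (policy_violations, suspected_flooders).

    violations: egress flows outside the allow-list; an unexpected destination
                such as a C2 server shows up here first.
    flooders:   IoT addresses whose outbound UDP exceeded UDP_FLOOD_PPS in any
                one-second bucket, i.e. a device being used as a DDoS source.
    """
    flows = [parse_flow(l) for l in lines if l.strip()]
    violations = [f for f in flows if not is_allowed(f)]
    udp_pps = defaultdict(int)                      # (src, second) -> packets
    for f in flows:
        if is_egress(f) and f.proto == "udp":
            udp_pps[(f.src, f.ts)] += f.packets
    flooders = sorted({str(src) for (src, _), pkts in udp_pps.items() if pkts > UDP_FLOOD_PPS})
    return violations, flooders


def to_nftables(segment=IOT_SEGMENT, allow=EGRESS_ALLOW) -> str:
    """Render the allow-list as an nftables forward-chain fragment: allow listed
    destinations, then log and drop any other traffic leaving the segment."""
    lines = ["table inet iot_egress {", "    chain forward {",
             "        type filter hook forward priority 0; policy accept;"]
    for net, proto, port in allow:
        lines.append(f"        ip saddr {segment} ip daddr {net} {proto} dport {port} accept")
    lines.append(f'        ip saddr {segment} ip daddr != {segment} log prefix "iot-egress-drop " drop')
    lines += ["    }", "}"]
    return "\n".join(lines)


# Constructed sample flows (not real traffic): .23 behaves; .41 connects to an
# unexpected TCP port and pushes ~1,500 UDP packets/s at an outside host.
SAMPLE_FLOWS = """\
1700000000 10.50.0.23 203.0.113.10 tcp 443 5120 12
1700000000 10.50.0.23 10.0.0.53 udp 53 130 1
1700000001 10.50.0.41 198.51.100.77 tcp 6667 340 6
1700000001 10.50.0.41 192.0.2.9 udp 80 1480000 1450
1700000002 10.50.0.41 192.0.2.9 udp 80 1500000 1470
1700000002 10.50.0.23 203.0.113.10 tcp 443 2048 7
"""

if __name__ == "__main__":
    viol, flood = audit(SAMPLE_FLOWS.splitlines())
    for f in viol:
        print(f"VIOLATION {f.src} -> {f.dst}:{f.dport}/{f.proto} ({f.packets} pkts)")
    print("suspected flooders:", flood)
    print(to_nftables())
```

On the sample data the audit reports three violations (one TCP connection to an unlisted host on port 6667 and two UDP flows to an unlisted host on port 80) and names 10.50.0.41 as a suspected flooder. The drop rule's log prefix is what you would key the alert on: with deny‑by‑default egress, a recruited device cannot reach its C2 or its flood target, and the dropped attempts are themselves the detection signal.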
Technical Notes — The botnets recruited devices by logging in with factory‑default credentials and by exploiting unpatched firmware vulnerabilities, then used them to generate high‑volume UDP/ICMP amplification attacks. No specific CVE was disclosed; the underlying issue is widespread insecure IoT deployment rather than a single flaw. Source: The Hacker News