
International Law Enforcement Disrupts Four IoT Botnets Behind Millions of Devices and Record DDoS Attacks

U.S., Canadian and German authorities have taken down the command‑and‑control servers of four IoT botnets—Aisuru, Kimwolf, JackSkid and Mossad—that compromised over three million devices and launched hundreds of thousands of DDoS attacks. The takedown reduces the risk of service disruption for vendors that rely on vulnerable IoT hardware.

LiveThreat™ Intelligence · April 06, 2026 · krebsonsecurity.com
Severity: High · Type: ThreatIntel · Confidence: High · Affected: 5 sector(s) · Actions: 4 recommended

What Happened — The U.S. Department of Justice, together with Canadian and German authorities, seized the command‑and‑control infrastructure of four IoT botnets—Aisuru, Kimwolf, JackSkid and Mossad—that had compromised more than three million routers, webcams and other connected devices. The botnets were responsible for hundreds of thousands of large‑scale DDoS attacks and extortion attempts that forced victims to incur tens of thousands of dollars in losses and remediation costs.

Why It Matters for TPRM

  • IoT devices are increasingly embedded in third‑party vendor environments; a compromised device can be leveraged to disrupt critical services.
  • DDoS attacks can cripple SaaS platforms, cloud gateways, and remote‑access solutions that your organization relies on.
  • The takedown highlights the importance of continuous monitoring of third‑party network footprints and the need for robust device‑hardening policies.

Who Is Affected — Telecommunications, cloud service providers, managed service providers, manufacturers of IoT hardware, and any enterprise that integrates consumer‑grade routers or cameras into its network.

Recommended Actions

  • Inventory all IoT assets within your vendor ecosystem and verify firmware is up‑to‑date.
  • Enforce network segmentation to isolate IoT devices from critical systems.
  • Require vendors to provide evidence of DDoS mitigation controls and incident‑response plans.
  • Incorporate botnet‑detection tooling into your continuous monitoring stack.

Technical Notes — The botnets used malware that propagated via default credentials and unpatched firmware vulnerabilities, exploiting a novel spreading mechanism first seen in the Kimwolf variant. No specific CVE identifiers were disclosed, but the attacks leveraged large‑scale command‑and‑control servers hosted on U.S.‑registered domains. Data exfiltration was not reported; the primary impact was service disruption and extortion. Source: Krebs on Security
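
The inventory and segmentation checks from the Recommended Actions, applied to the two propagation vectors named in the Technical Notes (default credentials and unpatched firmware), can be automated against a vendor-supplied asset list. The following is an added example, not code from this brief or from the original reporting; the CSV columns, the IoT subnet, the model names and the firmware baselines are all hypothetical assumptions.

```python
import csv
import io
import ipaddress

# Assumed policy: subnets reserved for IoT gear, and minimum patched firmware per model.
IOT_SEGMENTS = [ipaddress.ip_network("10.50.0.0/16")]
MIN_FIRMWARE = {"cam-x1": (2, 4, 0), "rtr-h2": (1, 9, 3)}

# Constructed sample inventory (hypothetical vendors, models and addresses).
SAMPLE_INVENTORY = """vendor,device_id,model,ip,firmware,default_creds_changed
acme-msp,cam-001,cam-x1,10.50.3.12,2.4.1,yes
acme-msp,cam-002,cam-x1,10.50.3.13,2.3.9,yes
acme-msp,rtr-001,rtr-h2,192.168.1.1,1.9.3,no
beta-cloud,cam-003,cam-x9,10.50.7.20,1.0.0,yes
beta-cloud,rtr-002,rtr-h2,not-an-ip,1.10.0,yes
"""

def parse_version(text):
    """Turn '1.10.0' into (1, 10, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))

def audit_device(row):
    """Return the list of findings for one inventory row."""
    findings = []
    if row["default_creds_changed"].strip().lower() != "yes":
        findings.append("default-credentials")
    minimum = MIN_FIRMWARE.get(row["model"])
    if minimum is None:
        findings.append("unknown-model")  # no baseline, patch level cannot be verified
    else:
        try:
            if parse_version(row["firmware"]) < minimum:
                findings.append("outdated-firmware")
        except ValueError:
            findings.append("unparseable-firmware")
    try:
        addr = ipaddress.ip_address(row["ip"])
        if not any(addr in net for net in IOT_SEGMENTS):
            findings.append("outside-iot-segment")
    except ValueError:
        findings.append("invalid-ip")
    return findings

def audit_inventory(csv_text):
    """Map device_id -> findings for every device with at least one finding."""
    rows = csv.DictReader(io.StringIO(csv_text))
    report = {row["device_id"]: audit_device(row) for row in rows}
    return {device: found for device, found in report.items() if found}
```

Calling `audit_inventory(SAMPLE_INVENTORY)` returns only the devices that need follow-up; rows with an unknown model or an invalid address are reported rather than silently passed, since an incomplete inventory entry cannot be verified.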

📰 Original Source
https://krebsonsecurity.com/2026/03/feds-disrupt-iot-botnets-behind-huge-ddos-attacks/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
