Global Law Enforcement Disrupts AISURU, Kimwolf, JackSkid IoT Botnets, Halting 30+ Tbps DDoS Campaigns

U.S., Canadian and German authorities dismantled the command‑and‑control infrastructure of four major IoT botnets, cutting off control of over 3 million hijacked devices that had been used for record‑breaking DDoS attacks. The takedown highlights the risk of third‑party IoT exposure for organizations relying on external vendors.

🛡️ LiveThreat™ Intelligence · 📅 March 20, 2026 · 📰 securityaffairs.com

  • Severity: High
  • Type: ThreatIntel
  • Confidence: High
  • Affected: 5 sector(s)
  • Actions: 3 recommended
  • Source: securityaffairs.com

What Happened — The U.S. Department of Justice, together with Canadian and German authorities and major tech firms, seized command‑and‑control (C2) servers used by the AISURU, Kimwolf, JackSkid and Mossad IoT botnets. The operation cut off control of more than 3 million compromised cameras, routers and other IoT devices that had been used to launch record‑breaking DDoS attacks of up to 31.4 Tbps.

Why It Matters for TPRM

  • Large‑scale DDoS‑for‑hire services built on compromised third‑party IoT devices can be rented, exposing your supply chain to service disruption.
  • The takedown shows that botnet operators rely on weakly managed infrastructure that may be hosted by third‑party cloud or hosting providers you use.
  • Ongoing risk remains as new botnets emerge; continuous monitoring of vendor security posture is essential.

Who Is Affected — Organizations across all sectors that depend on internet‑facing services, especially those in technology/SaaS, manufacturing, energy/utilities, government, and any business that outsources IoT device management.

Recommended Actions

  • Review DDoS mitigation and incident‑response capabilities of your critical vendors.
  • Verify that vendors enforce strict IoT device hygiene and patching policies.
  • Incorporate botnet‑related threat intelligence into your third‑party risk assessments.

Technical Notes — The botnets leveraged compromised IoT firmware and default credentials to build a “cybercrime‑as‑a‑service” platform. Attacks were delivered via volumetric HTTP floods, reaching 31.4 Tbps in a 35‑second burst. No specific CVEs were disclosed; the primary vector was insecure IoT devices and poorly protected C2 infrastructure. Source: SecurityAffairs

📰 Original Source
https://securityaffairs.com/189710/cyber-crime/global-law-enforcement-operation-targets-aisuru-kimwolf-jackskid-botnet-operators.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
