ON 20 March 2026, the U.S. Department of Justice (DoJ) announced the disruption of command-and-control infrastructure used by several IoT botnets, including AISURU, Kimwolf, JackSkid and Mossad, in a court-authorised operation with Canada and Germany taking part. The DoJ said the four botnets launched distributed denial-of-service attacks worldwide, with some attacks reaching about 30 Terabits per second and described as record-breaking.
Cloud‑based observers had previously attributed AISURU/Kimwolf to a 31.4 Tbps DDoS attack in November 2025 that lasted 35 seconds, and the operation noted that more than 2 million Android devices were conscripted, with the four botnets infecting no fewer than 3 million devices overall such as digital video recorders, web cameras or Wi‑Fi routers.
The DoJ stated that Kimwolf and JackSkid infected devices often exposed on residential networks, and that the operators sold access to infected devices via a cybercrime‑as‑a‑service model. The disruption involved involvement from private sector firms including Akamai, Amazon Web Services, Cloudflare, DigitalOcean, Google, Lumen, Nokia, Okta, Oracle, PayPal, SpyCloud, Synthient, Team Cymru, Unit 221B and QiAnXin XLab, which assisted in the investigation, according to the DoJ.