The US Department of Justice, working with the Defense Criminal Investigative Service, has dismantled four major botnets in a coordinated law enforcement operation announced Thursday. The takedown targeted JackSkid, Mossad, Aisuru, and Kimwolf, criminal networks that together had compromised more than 3 million devices worldwide. Authorities disabled the command-and-control infrastructure through which the operators remotely directed these hijacked devices.
Two of the botnets proved particularly destructive. Aisuru and its related variant Kimwolf together controlled over a million compromised devices, ranging from DVRs and webcams to Android-powered smart TVs and set-top boxes. Working in tandem, these networks launched what may be the largest distributed denial-of-service attack on record last November, generating traffic exceeding 30 terabits per second, nearly triple the size of any previously documented DDoS assault. The attack lasted just 35 seconds but hit a Cloudflare customer with unprecedented force; a burst that short leaves no time for manual intervention, so only automated mitigation could absorb it.
Record-Breaking Attack Capabilities
Aisuru had already made headlines throughout 2024 with a series of massive attacks against gaming targets, including Minecraft servers, and against cybersecurity journalist Brian Krebs, whose investigations into botnet operations made him a repeated target. The botnet operators monetized their infrastructure by renting attack capacity to other criminals through so-called "booter" (DDoS-for-hire) services, in effect selling their attack capabilities to anyone willing to pay.
Cloudflare's analysis highlighted the extraordinary scale of the combined Aisuru-Kimwolf operation, describing their maximum attack capacity as equivalent to "the combined populations of the UK, Germany, and Spain all simultaneously entering a web address and pressing enter at the exact same moment." Security researchers warned that these botnets possessed the potential to "cripple critical infrastructure, overwhelm most conventional cloud-based DDoS defenses, and even disrupt internet connectivity across entire nations."
All four dismantled botnets derived from Mirai, an internet-of-things botnet that emerged in 2016 and set DDoS records at the time. Mirai's source code was publicly released later that year, which is why so many variants have appeared since. Mirai gained infamy when it facilitated a devastating 2016 attack on domain-name provider Dyn that knocked approximately 175,000 websites offline simultaneously.
While no arrests were announced immediately, the Justice Department indicated collaboration with Canadian and German authorities targeting individuals responsible for operating these networks. "The United States remains committed to protecting critical internet infrastructure and pursuing the cybercriminals who threaten it, regardless of their location," stated US attorney Michael J. Heyman.
Source: Wired