Global Law Enforcement Dismantles Four Massive IoT Botnets
A coordinated international effort has taken down the infrastructure of four significant IoT botnets: **Aisuru**, **Kimwolf**, **JackSkid**, and **Mossad**. The U.S. Justice Department, along with authorities in Canada and Germany, disrupted the networks responsible for launching crippling DDoS attacks and compromising millions of devices.
The U.S. Justice Department joined forces with authorities in Canada and Germany to dismantle the online infrastructure supporting four highly disruptive botnets. These botnets, **Aisuru**, **Kimwolf**, **JackSkid**, and **Mossad**, had compromised over three million Internet of Things (IoT) devices, including routers and web cameras.
These botnets were responsible for a series of record-breaking distributed denial-of-service (DDoS) attacks capable of overwhelming nearly any target.

The Justice Department stated that the **Department of Defense Office of Inspector General's** (DoDIG) **Defense Criminal Investigative Service** (DCIS) executed seizure warrants targeting multiple U.S.-registered domains, virtual servers, and other infrastructure involved in DDoS attacks against Internet addresses owned by the DoD.
The government alleges that the operators of these botnets launched hundreds of thousands of DDoS attacks, often demanding extortion payments from victims. Some victims reported losses and remediation expenses totaling tens of thousands of dollars.
The oldest botnet, Aisuru, initiated over 200,000 attack commands, while JackSkid launched at least 90,000 attacks. Kimwolf issued more than 25,000 attack commands, and Mossad was responsible for roughly 1,000 attacks.
The DOJ [said](https://www.justice.gov/usao-ak/pr/authorities-disrupt-worlds-largest-iot-ddos-botnets-responsible-record-breaking-attacks) that the law enforcement action aimed to prevent further device infections and limit the botnets' ability to launch future attacks. The DCIS is investigating the case with assistance from the FBI's field office in Anchorage, Alaska, and numerous technology companies.
"By working closely with DCIS and our international law enforcement partners, we collectively identified and disrupted criminal infrastructure used to carry out large-scale DDoS attacks," said Special Agent in Charge **Rebecca Day** of the FBI Anchorage Field Office.
Aisuru emerged in late 2024 and, by mid-2025, was launching [record-breaking DDoS attacks](https://krebsonsecurity.com/2025/10/ddos-botnet-aisuru-blankets-us-isps-in-record-ddos/) as it rapidly infected new IoT devices. In October 2025, Aisuru was used to seed Kimwolf, an Aisuru variant with a novel spreading mechanism that allowed it to infect devices behind internal network protections.
On January 2, 2026, the security firm **Synthient** [publicly disclosed](https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/) the vulnerability Kimwolf exploited for rapid propagation. This disclosure helped curb Kimwolf's spread, but other IoT botnets have since emerged, copying Kimwolf's methods and competing for the same vulnerable devices. The DOJ noted that the JackSkid botnet also targeted systems on internal networks, similar to Kimwolf.
The DOJ stated that its disruption of the four botnets coincided with "law enforcement actions" in Canada and Germany targeting individuals allegedly operating those botnets, although specific details about the suspected operators were not disclosed.
In late February, KrebsOnSecurity identified [a 22-year-old Canadian man](https://krebsonsecurity.com/2026/02/who-is-the-kimwolf-botmaster-dort/) as a key operator of the Kimwolf botnet. Sources familiar with the investigation indicated that another prime suspect is a 15-year-old residing in Germany.