US Law Enforcement Dismantles Four Massive Botnets, Including Aisuru and Kimwolf
In a significant blow to the DDoS landscape, US law enforcement agencies have dismantled four major botnets: JackSkid, Mossad, **Aisuru**, and **Kimwolf**. These botnets, collectively comprising over 3 million compromised devices, were used to launch devastating DDoS attacks and offered as a service to other cybercriminals.
The United States Department of Justice, in collaboration with the Defense Criminal Investigative Service, announced the takedown of four botnets that had amassed a staggering number of compromised devices. The botnets, known as JackSkid, Mossad, Aisuru, and Kimwolf, were used to launch large-scale distributed denial-of-service (DDoS) attacks, disrupting internet services and websites.
### Aisuru and Kimwolf: A Formidable Duo
**Aisuru** and **Kimwolf**, while distinct, operated in conjunction and comprised over a million devices. According to **Cloudflare**, Aisuru infected a range of devices, including DVRs, network appliances, and webcams. Kimwolf, an offshoot of Aisuru, targeted Android devices, such as smart TVs and set-top boxes. The combined power of these two botnets was demonstrated in a record-breaking attack against a Cloudflare customer last November, reaching over 30 terabits of data per second, nearly triple the size of the previous largest attack.
### International Collaboration
While no immediate arrests were announced, the Justice Department stated that it is collaborating with Canadian and German authorities, targeting individuals who operated these botnets. US attorney Michael J. Heyman emphasized the US commitment to safeguarding critical internet infrastructure and combating cybercriminals.
### Aisuru's Reign of Disruption
Aisuru had gained notoriety for a series of record-breaking cyberattacks last fall. The botnet's capacity was rented out, and its attacks targeted gaming services such as *Minecraft* and the independent cybersecurity journalist **Brian Krebs**. Krebs, who extensively investigated the botnet underground, was repeatedly attacked by Aisuru.
In November, Cloudflare absorbed a record-breaking combined attack from Aisuru and Kimwolf that lasted only 35 seconds but reached 31.4 terabits per second, a volume of attack traffic close to triple the size of any seen before.
Cloudflare described the maximum attack traffic of the combined Aisuru and Kimwolf botnets as equivalent to "the combined populations of the UK, Germany, and Spain all simultaneously typing a website address and then hitting 'enter' at the same second." The botnet was capable, Cloudflare's analysts wrote, of "launching DDoS attacks that can cripple critical infrastructure, crash most legacy cloud-based DDoS protection solutions, and even disrupt the connectivity of entire nations."
### Mirai's Legacy
All four botnets were variants of **Mirai**, an internet-of-things botnet that emerged in 2016. Mirai's code base has since served as the foundation for numerous other IoT botnets. The botnets targeted in the recent takedown had evolved new techniques to infect devices that even Mirai couldn't access.
### Kimwolf's Residential Proxy Prowess
Kimwolf leveraged cheap internet-connected gadgets as "residential proxies," allowing hackers to compromise devices typically protected behind home routers. Chad Seaman, a principal security researcher at **Akamai**, notes that this development "really shook the foundations of what we considered to be a secure home network."
Seaman also highlighted the cat-and-mouse game between cybersecurity researchers, law enforcement, and the botnet operators, who employed innovative tactics like moving their domain name system to the Ethereum blockchain to evade command-and-control server hijacking.
### The Inevitable Rebuild
Despite the takedown's success, Seaman believes that new botnets will inevitably emerge. "The cat-and-mouse game continues. You catch one mouse, and 10 others scurry under the refrigerator," he says. "The cats will prioritize the fat mice. But it's a long game."