Key Highlights

• Authorities disrupted four major IoT botnets: Aisuru, KimWolf, JackSkid and Mossad.
• Officials said the botnets were tied to some of the largest DDoS attacks publicly referenced to date.
• More than 3 million internet-connected devices were reportedly hijacked worldwide as of March 2026.
• The operation involved law enforcement and cybersecurity coordination across the United States, Canada and Germany.
• Compromised devices included routers, web cameras, DVRs and other exposed internet-connected hardware.

International Cyber Operation Targets Major IoT Botnets

The U.S. Department of Justice announced a major law enforcement operation to disrupt four large internet of things botnets allegedly used to launch powerful distributed denial-of-service attacks against victims around the world. The botnets, identified as Aisuru, KimWolf, JackSkid and Mossad, were linked to criminal infrastructure that allowed operators and customers to weaponize compromised devices and direct massive internet traffic at targeted systems.

According to federal authorities, the takedown targeted infrastructure supporting botnet activity tied to attacks that reached roughly 30 terabits per second, placing them among the most significant DDoS events publicly cited by officials. The Justice Department said these operations affected a broad range of victims, including organizations connected to critical networks.

More Than 3 Million Devices Were Reportedly Compromised

Officials said the botnet administrators had compromised more than 3 million internet-connected devices worldwide by March 2026. These devices reportedly included DVRs, IP cameras, routers and other connected hardware often found in homes and small businesses. Authorities also said hundreds of thousands of the infected devices were located in the United States.

The Justice Department further alleged that the botnets operated under a cybercrime-as-a-service model, allowing customers to rent botnet power for attacks. Court documents cited by prosecutors said Aisuru issued more than 200,000 attack commands, KimWolf more than 25,000, JackSkid more than 90,000 and Mossad more than 1,000.

Canada and Germany Played Key Roles in the Action

The disruption was part of a coordinated international effort involving multiple agencies across North America and Europe. The U.S. Department of Justice named Canadian partners including the Royal Canadian Mounted Police, the Ontario Provincial Police and the Sûreté du Québec. German authorities involved included the Bundeskriminalamt Cyber unit and the Public Prosecutor’s Office in Cologne.

Additional reporting indicated that investigators searched locations tied to suspected botnet administrators in Canada and Germany and seized digital evidence and cryptocurrency during the broader enforcement effort.

Why This Matters

The disruption of these botnets is significant for businesses, public institutions and individuals who rely on uninterrupted digital services. DDoS attacks can overwhelm servers, websites and platforms with malicious traffic, causing outages, reputational damage, financial losses and operational delays. For governments and critical infrastructure operators, the stakes are even higher, especially when essential services or communications systems are targeted.

This case also underscores the growing cybersecurity risks tied to poorly secured IoT devices. As homes and businesses continue adopting internet-connected products, outdated firmware, weak passwords and exposed services remain common points of entry for attackers. The takedown highlights the importance of stronger cyber hygiene and device security practices across sectors.

Official Guidance

Readers seeking official cybersecurity resources and threat-response guidance can refer to the following government sources:

• U.S. Department of Justice Official Website
• Canadian Centre for Cyber Security
• German Federal Office for Information Security (BSI)

What Organizations and Households Should Do Next

Security professionals continue to stress the importance of maintaining an accurate inventory of internet-connected devices, changing default passwords, updating firmware, disabling unnecessary remote access and monitoring unusual traffic patterns. Organizations should also ensure their incident response and DDoS mitigation strategies are up to date as threat actors continue adapting their methods.

For consumers and small businesses, even simple improvements in router, camera and device security can reduce the chances of systems being silently recruited into future botnets. This makes public awareness and official guidance especially important as cyber threats continue to evolve.

Conclusion

This international operation marks a significant step in global cybersecurity enforcement and cross-border cooperation. By disrupting four major IoT botnets and the infrastructure behind record-scale DDoS attacks, authorities have removed a substantial source of cyberattack capacity from the internet. While the wider threat has not disappeared, this action signals stronger international resolve against cybercrime and greater momentum toward coordinated defense.

Moving forward, continued collaboration among countries is expected to strengthen protection against escalating cyber threats. Readers can expect further updates as authorities release additional information and guidance.

Frequently Asked Questions

What is an IoT botnet?

An IoT botnet is a network of internet-connected devices such as routers, cameras or DVRs that have been infected with malware and remotely controlled by attackers.

What is a DDoS attack?

A distributed denial-of-service attack floods a system, service or website with traffic from many devices at once, often causing slowdowns or outages.

Which botnets were disrupted?

Authorities identified the botnets as Aisuru, KimWolf, JackSkid and Mossad.

How many devices were affected?

Officials said more than 3 million devices had been hijacked worldwide as of March 2026.

Which countries were involved?

The announced operation involved the United States, Canada and Germany.