The U.S. Department of Justice (DoJ) has taken decisive action to dismantle a multitude of Internet of Things (IoT) botnets responsible for unprecedented distributed denial-of-service (DDoS) attacks. This coordinated effort, which involved collaboration with Canadian and German authorities, as well as major technology firms including Akamai, Amazon Web Services (AWS), Cloudflare, and Google, has led to the disruption of command-and-control infrastructures for several notorious botnets, including AISURU, Kimwolf, JackSkid, and Mossad.
Record-Breaking DDoS Attacks
These botnets have wreaked havoc across the internet, launching DDoS attacks that have reached staggering levels of intensity. In March 2026, attacks peaked at an astounding 31.4 terabits per second (Tbps), shattering previous records and reflecting a serious evolution in the capabilities of cybercriminal organizations. The attacks not only surpassed the 30 Tbps threshold but also delivered an overwhelming 14 billion packets per second, demonstrating the sheer scale at which these botnets operate.
Infiltration of Over 3 Million Devices
The scale of the operation was significant, with over 3 million devices compromised, including those protected by firewalls. This highlights a growing vulnerability in consumer and enterprise IoT devices, which are increasingly being targeted due to their often-lax security protocols. These infected devices form a massive botnet army that can be mobilized for various nefarious purposes, primarily for launching DDoS attacks.
Cybercrime-as-a-Service Model
The operators behind these botnets have exploited a cybercrime-as-a-service model, where access to the botnets can be purchased for extortion purposes. This commodification of cybercrime allows even less technically savvy criminals to launch sophisticated attacks, perpetuating a cycle of insecurity on the internet.
- JackSkid: One of the most notorious botnets, JackSkid, was reported to have an average of 150,000 to 250,000 daily victims as of early March 2026. Its ease of use for attackers made it particularly appealing in the underground market.
- AISURU, Kimwolf, and Mossad: These botnets also contributed to the overall threat landscape, each adding to the complexity of combating such widespread cyber threats.
Impact on Internet Infrastructure
The impacts of these DDoS attacks have been profound, crippling internet infrastructure and critical services. As more devices connect to the internet, the potential for such attacks only increases, raising significant concerns for both individual users and organizations. The DoJ's intervention not only aims to disrupt current operations but also to send a strong message to cybercriminals that such activities will not be tolerated.
Collaboration Among Authorities and Private Sector
The success of this operation hinged on the collaboration between various stakeholders. The involvement of international law enforcement agencies and private sector giants is a testament to the need for a unified approach in combating cybercrime. Notably, firms like Akamai, AWS, Cloudflare, and Google played crucial roles in identifying and mitigating these threats, leveraging their technological capabilities to help the DoJ execute its strategy effectively.
Future of Cybersecurity
As technology continues to advance, the tactics employed by cybercriminals are becoming increasingly sophisticated. The rise of IoT devices has opened up new avenues for attacks, necessitating an evolution in cybersecurity measures. Organizations and consumers alike must prioritize security to safeguard their devices from becoming part of a botnet.
Recommendations for Users
To protect against the risks posed by IoT botnets and DDoS attacks, users should consider the following recommendations:
- Change default passwords: Ensure that all devices are secured with strong, unique passwords that are regularly updated.
- Update firmware: Regularly check for and apply updates to device firmware to patch any vulnerabilities.
- Network security: Utilize firewalls and other security measures to monitor and control traffic to and from devices.
- Reduce unnecessary exposure: Disconnect devices from the internet when not in use or restrict access to only trusted networks.
Conclusion
The recent actions taken by the DoJ and its partners illustrate an important step toward mitigating the threat posed by IoT botnets. While the disruption of these networks is a significant achievement, ongoing vigilance and proactive security measures will be essential in the battle against cybercrime. As the digital landscape evolves, so must our strategies to protect against emerging threats.

