Back to Home

C2 botnets Aisuru and KimWolf neutralized by special services

Intelligence agencies of three countries dismantled C2 of Aisuru, KimWolf, JackSkid, Mossad botnets that infected 3 million IoT devices. Attacks reached 30 Tbps, including Pentagon targets. Operation revealed access sales on black market.

Dismantling of Aisuru, KimWolf botnets: 30 Tbps DDoS stopped
Advertisement 728x90

# Joint Operation by Intelligence Agencies: Dismantling the C2 Infrastructure of Aisuru, KimWolf, JackSkid, and Mossad Botnets

U.S., Canadian, and German intelligence agencies have dismantled the command-and-control (C2) infrastructure of the Aisuru, KimWolf, JackSkid, and Mossad botnets. These IoT device networks generated DDoS attacks reaching speeds of up to 30 Tbps, infecting over 3 million devices worldwide. Operators have been arrested, and domains and servers seized.

Scale of the Threat and Attack Targets

Botnets targeted IoT equipment: digital video recorders, webcams, routers. They bypassed firewalls, infecting traditionally secure devices. Operators sold access to zombie machines on the black market, leading to hundreds of thousands of DDoS attacks on global targets.

  • Aisuru: issued >200,000 DDoS commands.
  • KimWolf: ~25,000 commands, focus on protected devices.
  • JackSkid: 90,000 commands, similar profile.
  • Mossad: >1,000 commands.

Attacks hit IP addresses in the Pentagon network, causing victims losses in the tens of thousands of dollars for mitigation and recovery.

Google AdInline article slot

Technical Details of the Infrastructure

C2 servers were hosted on U.S.-registered domains and VPS. The U.S. Department of Defense structure (DC3) conducted searches under warrants. Over 3 million devices infected globally, hundreds of thousands in the U.S. Botnets used standard IoT management protocols to coordinate traffic.

By March 2026, the scale peaked: operators monetized access, targeting servers and PCs worldwide. DDoS floods reached a record 30 Tbps, overwhelming targets with volumetric attacks.

Stages of the Neutralization Operation

  • Identification of C2 domains and servers through traffic analysis.
  • International cooperation: arrests in Canada and Germany.
  • Seizure of assets in the U.S. under court orders.
  • Log analysis: confirmation of attack commands and access sales.

Court documents reveal the chain: from IoT infection to renting zombie devices. This is a preventive measure against threat escalation.

Google AdInline article slot

Key Takeaways

  • Dismantling C2 stopped >300,000 DDoS commands from these networks.
  • Focus on IoT: router and camera vulnerabilities remain critical.
  • U.S.-Canada-Germany cooperation is a model for global operations.
  • Victim losses: tens of thousands of USD on DDoS protection.
  • Record 30 Tbps highlights botnet evolution.

Implications for IT Professionals

IoT developers and admins should strengthen hardening: firmware updates, network segmentation, anomalous traffic monitoring. Botnets show resilience to firewalls—implement behavioral analysis and zero-trust models. The operation highlights risks of monetizing zombie devices on dark markets.

— Editorial Team

Advertisement 728x90

Read Next