Federal authorities dismantled the online infrastructure behind four major IoT botnets after discovering they compromised more than three million devices worldwide. The botnets—Aisuru, Kimwolf, JackSkid, and Mossad—were used to launch some of the largest distributed denial-of-service (DDoS) attacks in recent years, capable of knocking almost any website or service offline.

These attacks weren’t just disruptive; they were profitable. Many victims reported receiving extortion demands, with some paying thousands of dollars to stop the assaults. The losses didn’t stop at ransom—companies also spent tens of thousands cleaning up after the attacks, dealing with downtime, lost business, and IT recovery costs.

U.S. Department of Justice officials confirmed the operation involved coordinated seizures of U.S.-registered domains and virtual servers tied to the botnets’ command-and-control systems. Investigators say the botnets were used to launch hundreds of thousands of attacks, with Aisuru alone issuing over 200,000 commands and JackSkid firing off at least 90,000. The targets weren’t random. Some of the attacks hit internet addresses owned by the U.S. Department of Defense, raising serious concerns about national security and critical infrastructure vulnerabilities. The Justice Department worked alongside law enforcement in Canada and Germany to take down the botnets, showing this was a multinational effort to disrupt cybercrime networks operating across borders.

The takedown marks a rare but significant win against the growing threat of IoT-based cyberattacks, which have exploded as more everyday devices—from security cameras to smart fridges—get hooked up to the internet. These devices often come with weak security defaults, making them easy prey for hackers. Once compromised, they’re turned into “zombies” that can be remotely controlled to flood targets with traffic, overwhelming servers and causing outages.

The botnets dismantled this week weren’t just big by accident. They were designed to scale. Aisuru, for example, targeted routers and cameras with default or weak passwords, while JackSkid focused on exploiting known vulnerabilities in older, unpatched devices. Kimwolf and Mossad expanded the reach by spreading through phishing emails and malicious links, tricking users into downloading malware that turned their devices into attack drones.

## How the botnets worked and why they were so dangerous

The four botnets shared a common playbook. Hackers would scan the internet for vulnerable IoT devices, often using automated tools to find devices with default login credentials or outdated firmware. Once inside, they’d install malware that turned the device into part of their botnet army. From there, the attackers could launch DDoS attacks on demand, renting out their botnets to other criminals or using them themselves. Aisuru was particularly aggressive, launching over 200,000 attacks in a short period, while JackSkid specialized in high-volume assaults that could cripple even well-defended targets.

The extortion angle added another layer of danger. Victims—ranging from small businesses to large corporations—were hit with threats like, “Pay up or we’ll take your site offline during your busiest hours.” Some paid to avoid the chaos, but even those who refused faced costly disruptions. One victim, a mid-sized e-commerce company, reported losing $45,000 in just three days of downtime from a single attack. The cleanup costs added another $20,000, including IT labor, new hardware, and customer compensation.

## The takedown: How authorities shut down the botnets

The operation to dismantle the botnets was months in the making. Investigators traced the command-and-control servers to data centers in the U.S., Canada, and Europe, where the botnets’ operators were directing their attacks. Using seizure warrants, the U.S. Department of Justice and its international partners froze the domains and servers used to control the botnets, effectively cutting off the attackers’ ability to launch new assaults. The takedown also involved freezing cryptocurrency wallets linked to the extortion payments, making it harder for the criminals to profit from their crimes.

While the botnets are down, experts warn this isn’t the end of the problem. IoT devices remain a prime target for cybercriminals because they’re often overlooked when it comes to security updates. Many users never change the default passwords on their routers or cameras, leaving them wide open to hijacking. The rise of AI-powered malware is making it even easier for attackers to find and exploit vulnerabilities at scale.

What’s next? Authorities say they’re still hunting the people behind these botnets, but tracking down the individuals responsible is notoriously difficult. Many operate from countries with weak cybercrime laws or extradition challenges. Meanwhile, the FBI and its partners are urging IoT device manufacturers to step up security, such as forcing users to change default passwords at setup and pushing automatic firmware updates.

For now, the takedown is a rare success story in the fight against IoT-based cybercrime—but the battle is far from over. Consumers and businesses should treat this as a wake-up call. If you’ve got a smart device sitting on your network, now’s the time to lock it down before it becomes someone else’s weapon.

What You Need to Know

  • Source: Krebs on Security
  • Published: March 20, 2026 at 00:49 UTC
  • Category: Security

This is a curated summary. For the complete article, original data, quotes and full analysis, see the full story on Krebs on Security.

All reporting rights belong to the respective author(s) at Krebs on Security. GlobalBR News summarizes publicly available content to help readers discover the most relevant global news.


Curated by GlobalBR News · March 20, 2026


🇧🇷 Portuguese Summary (translated)

Brazil is under a silent but growing alert: millions of connected devices are being hijacked by cybercriminals without their owners even suspecting it. Authorities in the United States, Canada and Germany have just dismantled four powerful Internet of Things (IoT) botnets that together had infected more than 3 million devices around the world, turning refrigerators, cameras and routers into weapons for massive denial-of-service (DDoS) attacks. The networks, named Aisuru, Kimwolf, JackSkid and Mossad, operated in a coordinated way, exploiting flaws in poorly protected devices to recruit new “digital zombies” and launch attacks that can take down websites, banking services and even critical infrastructure.

The problem is especially worrying in Brazil, a country that already tops the world ranking of machines infected by malware on IoT devices, according to recent reports. Experts warn that the lack of firmware updates, default passwords that are never changed and the spread of smart home devices without adequate security make Brazil fertile ground for this type of cybercrime. In addition, the growing dependence on digital services, such as online banking and e-government, means that a coordinated attack could have even more devastating effects on the daily lives of Brazilians. The international operation, while commendable, serves as a reminder: while governments act, the responsibility for protecting their own devices still falls on users, who often ignore basic risks.

The next battle will be fought on the home front: electronics manufacturers urgently need to prioritize security in their products, and Brazilians must urgently review their IoT settings, or they will keep feeding the invisible army that aims at digital chaos.