International Crackdown Disrupts IoT Botnets Powering Large-Scale DDoS Attacks  Early results came through cooperation among U.S., German, and Canadian agencies targeting major digital threats like Aisuru, KimWolf, JackSkid, and Mossad. Systems once used to manage attacks now stand inactive after teams disrupted central control points across borders. Instead of waiting, officials moved fast against links connecting malware operations - shutting down domains, servers, and coordination hubs.  What ran hidden for months became exposed overnight due to shared intelligence and precise actions. One after another, these botnets launched countless DDoS assaults across the globe - some aimed at critical systems like those tied to the Department of Defense Information Network. With each move, authorities hoped to break contact between hacked gadgets and cybercriminals. That separation would weaken control over the infected machines.  Over time, their capacity to act diminishes. Without signals from command servers, coordination crumbles. Even large-scale efforts lose momentum when links go silent. Behind the scenes, the goal remains clear: stop the flow before damage spreads further. One measure stands out when looking at recent cyber events - their sheer size. Not long ago, an assault tied to the Aisusu botnet hit speeds near 31.4 terabits each second, piling up 200 million queries in just one second.  That December incident wasn’t isolated; prior surges linked to the same system showed matching force. With time, such floods grow stronger, revealing how quickly disruption tools evolve. Figures released by the U.S. Department of Justice show botnet systems sent vast numbers of attack directives - hundreds of thousands in total. Among them, Aisuru was responsible for exceeding 200,000 such signals.  In contrast, KimWolf, along with JackSkid and Mossad, generated additional tens of thousands. Devices caught in these waves passed three million, largely made up of IoT hardware like cameras, routers, and recording units. Most of those compromised machines operated within American borders. From behind the scenes, access to hacked networks was turned into profit via a cybercrime rental setup, allowing third-party attackers to carry out intrusions, demand payments from targets, while knocking digital platforms offline.  Backing the operation's collapse, Akamai - a security company - pointed out how these sprawling botnets threaten core internet reliability, sometimes swamping defenses built to handle heavy assaults. Though this takedown deals a serious blow, specialists warn IoT-driven botnets remain an ongoing challenge in digital security. Still, new forms keep emerging despite progress made recently across enforcement efforts.

International Crackdown Disrupts IoT Botnets Powering Large-Scale DDoS Attacks #Aisurubotnet #AISURUKimwolfbotnet #Botnet

Manager of botnet used in ransomware attacks gets 2 years in prison A Russian national has been sentenced to two years in prison after admitting that the phishing botnet he managed was used to launch BitPaymer ransomware attacks against 72 U.S. companies.

Manager of #botnet used in #ransomware attacks gets 2 years in prison

www.bleepingcomputer.com/news/security/russian-ma...

#cybercrime #cybersecurity

Mirai Malware Evolves into Hundreds of Variants Driving Botnet Growth Mirai malware evolves into hundreds of variants, driving botnet growth, powering large-scale attacks, and increasing risks to vulnerable IoT devices worldwide.

It turns out #Mirai malware isn’t fading, it’s multiplying. Hundreds of Mirai-based variants now host massive botnet growth, exploiting weak IoT devices and evolving attack methods.

Read more: hackread.com/mirai-malwar...

#Botnet #CyberSecurity #IoT #Malware #DDoS

TP-Link Patches Archer NX Auth Bypass, Still Faces Security Lawsuit A missing authentication check in TP-Link’s Archer NX series allows unprivileged attackers to upload firmware. The update lands as the company defends a Texas lawsuit alleging deceptive security claim...

📍TP-Link Patches Archer NX Auth Bypass, Still Faces Security Lawsuit.

A missing authentication check in TP-Link’s Archer NX series allows unprivileged attackers to upload firmware. The update lands as the company defends a Texas lawsuit...

#TPlink #Security #Botnet

factide.com/tp-link-patc...

Botnet operator behind $14 million in ransomware extortion payments gets 24 months behind bars - Help Net Security Russian botnet operator sentenced to 24 months for running the Mario Kart botnet used in ransomware attacks against 70+ U.S. companies.

Botnet operator behind $14 million in ransomware extortion payments gets 24 months behind bars

🔗 Read more: www.helpnetsecurity.com/2026/03/25/r...

#ransomware #botnet #cybersecurity

Hacker russo condenado a dois anos de prisão por operar botnet de extorsão

Hacker russo condenado a dois anos de prisão por operar botnet de extorsão

#botnet #hacker

Head of Russian Cybercrime Group Mario Kart Sentenced for Locking Out Dozens of U.S. Businesses A federal court in Detroit sentenced Russian national Illya Angelov, on Tuesday, for running a botnet...

#Hacker #News #Cyber #News #Ransomware #News #Threat […]

[Original post on thecyberexpress.com]

The US government just banned consumer routers made outside the US You can keep using your existing router.

When you regulate what you don't understand *SIGH*
The US government just banned consumer routers made outside the US | The Verge - www.theverge.com/news/899172/...
#botnet #tplink #overreach

CECbot: Spegne la TV e controlla la rete! Il malware silente del tuo Android TV

📌 Link all'articolo : www.redhotcyber.com/post/cec...

#redhotcyber #news #malware #hacking #cybersecurity #botnet #androidtv #spionaggio #crittografia #tvhacker

Global Law Enforcement Disrupts SocksEscort Proxy Network Powered by AVRecon Malware  Federal and regional police units, working alongside independent digital security experts, took down the SocksEscort hacking infrastructure. This setup used hacked gateway gadgets - infected by AVRecon - to route illicit online traffic through hidden channels.  A team at Black Lotus Labs, under Lumen Technologies, aided the takedown operation together with officials from the U.S. Department of Justice. Over multiple years, authorities found the proxy system kept around twenty thousand compromised gadgets active weekly - revealing both reach and staying power.  SocksEscort first came into view back in 2023, though signs point to activity stretching well beyond ten years. Operation relied on offering entry to seemingly legitimate IP addresses - pulled from home and office network devices. Because these connections appeared ordinary, users could mask malicious data flows under normal ISP cover. Detection tools often failed, misled by the everyday digital footprint left behind.  By early 2026, authorities reported the system had provided entry to vast numbers of IP addresses across its lifespan. Nearly 8,000 compromised routers remained operational at that point. Within the U.S., roughly a quarter of those devices were found scattered throughout the country. Though focused on one case, the ripple effects touched various forms of monetary misconduct.  A trail led authorities to connect SocksEscort with nearly $1 million siphoned from digital wallets belonging to someone in New York. Separate findings showed about $700,000 lost due to deceptive schemes targeting an industrial company based in Pennsylvania. Victims among American military personnel also faced damage after personal banking records were breached, adding further strain.  Dozens of domains and servers linked to the network were seized across Europe through joint efforts steered by Europol. Backing came from law enforcement agencies in Austria, France, and the Netherlands. Around $3.5 million in digital currency was blocked during the course of the mission. What powered the entire operation was AVRecon, a form of malicious software aimed at Linux-run home and small office routers.  By June 2023, it had taken hold on over seventy thousand machines, forming a vast network of hijacked devices. This network served one purpose: strengthening the reach of SocksEscort. Analysts found something unusual - none of the affected IPs showed up in unrelated botnet activity, pointing toward tightly managed usage. Despite setbacks during early 2023 that briefly disrupted operations through severed command channels, the group managed recovery by reconstructing systems. Control returned via decentralized nodes rather than a single hub. Activity restarted months afterward with modified communication pathways.  Early in 2025, more than 280,000 distinct IP addresses got caught up in the activity. Although infections spread globally, those based in the U.S. and the U.K. stood out - due to their appeal in hiding harmful network behavior. Outdated routers should be swapped out, many professionals suggest. Firmware updates come next on the list for staying protected. Default login details? Better revise them promptly. Remote functions that go unused tend to invite trouble - shutting those off helps block intrusions. Reducing exposure often begins with these small shifts.  A single operation reveals how digital crime groups using hidden relay systems are expanding their reach. Global teamwork across borders proves essential to weaken such operations.

Global Law Enforcement Disrupts SocksEscort Proxy Network Powered by AVRecon Malware #Botnet #Botnetattack #CyberSecurity

Global Crackdown Dismantles 4 Botnets Behind Major DDoS Attacks Global crackdown dismantles Aisuru, KimWolf, JackSkid and Mossad botnets behind major DDoS attack campaigns targeting millions of devices worldwide.

📢 Global crackdown dismantles Aisuru, KimWolf, JackSkid, and Mossad botnets behind major DDoS attack campaigns targeting millions of devices worldwide.

Read: hackread.com/crackdown-di...

#CyberSecurity #CyberCrime #DDoS #Mossad #Aisuru #Botnet

📰 Ubiquiti Tambal Celah Kritis UniFi Network yang Berisiko Picu Pengambilalihan Akun

👉 Baca artikel lengkap di sini: ahmandonk.com/2026/03/22/ubiquiti-tamb...

#beritaTeknologi #botnet #celahKritis #cve-2026-22557 #hacker #keamananJaring

Original post on webpronews.com

Google Just Dismantled a Cybercrime Empire That Hijacked Millions of Devices — And the Fight Isn’t Over Google disrupted BadBox 2.0, a massive botnet that hijacked over one million cheap Androi...

#CybersecurityUpdate #Android #malware #BadBox #2.0 #botnet […]

[Original post on webpronews.com]

US seizes command centres for four massive botnets controlling 3 million devices Justice Department seizes Aisuru, KimWolf and two other massive botnets responsible for record 31.4 Tbps DDoS attacks. International operation targets cybercrime infrastructure.

US seizes command centres for four massive botnets controlling 3 million devices

#Cybersecurity #DDoSAttacks #Botnet #AusNews #Justice

thedailyperspective.org/article/2026-03-21-us-se...

Akamai Helps Disrupt Massive IoT Botnets

~Akamai~
DOJ and partners disrupted Aisuru and Kimwolf, massive IoT DDoS botnets capable of record-breaking 30+ Tbps attacks.
-
IOCs: Aisuru, Kimwolf
-
#Botnet #DDoS #ThreatIntel

US Takes Down Botnets Used in Record-Breaking Cyberattacks The Aisuru, Kimwolf, JackSkid, and Mossad botnets had infected more than 3 million devices in total, many inside home networks, according to the US Justice Department.

US Takes Down Botnets Used in Record-Breaking Cyberattacks

www.wired.com/story/us-takes-down-botn...

#botnet #cybersecurity #Aisuru #Kimwolf #JackSkid #Mossad

Iranian botnet exposed after open directory leak reveals 15-node relay network. Insights into SSH-based mass deployment and DDoS tooling. #CyberSecurity #Botnet #Iran #DDoS #SSH Link: thedailytechfeed.com/iranian-botn...

Original post on cyberscoop.com

Justice Department disrupts botnet networks that hijacked 3 million devices The Aisuru, Kimwolf, JackSkid and Mossad botnets enabled cybercriminals to initiate thousands of attacks. A crackdown tar...

#Cybercrime #Cybersecurity #Government #Research #Threats […]

[Original post on cyberscoop.com]

Original post on hackaday.com

This Week in Security: Linux Flaws, Python Ownage, and a Botnet Shutdown The ides of security March are upon us — Qualys reports the discovery by their threat research unit of vulnerabilities in...

#Hackaday #Columns #Security #Hacks #apparmor #botnet #Git […]

[Original post on hackaday.com]

Original post on hackaday.com

This Week in Security: Linux Flaws, Python Ownage, and a Botnet Shutdown The ides of security March are upon us — Qualys reports the discovery by their threat research unit of vulnerabilities in...

#Hackaday #Columns #Security #Hacks #apparmor #botnet #Git […]

[Original post on hackaday.com]

DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks DoJ disrupts IoT botnets behind 31.4 Tbps DDoS attacks using 3M devices, reducing global extortion-driven outages.

The U.S. disrupted IoT botnets behind record DDoS attacks, including a 31.4 Tbps spike in seconds.

These networks hijacked millions of TVs, routers, and cameras, then sold that power for attacks and extortion.
#CyberCrime #Botnet #CyberSecurity
thehackernews.com/2026/03/doj-...

4 major botnets taken down.
3M+ infected IoT devices
DDoS attacks up to 30 Tbps
DoD networks targeted

#Cybersecurity #IoT #Botnet

Original post on securityweek.com

Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation The lesser-known JackSkid and Mossad botnets have also been targeted in the operation. The post Aisuru and Kimwolf DDoS Botnets ...

#Cybercrime #IoT #Security #Tracking #& #Law […]

[Original post on securityweek.com]

Open Directory Leak Reveals Iran-Linked 15-Node Relay Network Threat actors occasionally make operational security mistakes that expose their entire working environment. Recently, potatosecurity res...

#Botnet #Potato #Security #News #Potato #security #news

Origin | Interest | Match

Open Directory Leak Reveals Iran-Linked 15-Node Relay Network Threat actors occasionally make operational security mistakes that expose their entire working environment. Recently, cybersecurity res...

#Botnet #Cyber #Security #News #Cyber #security #news

Origin | Interest | Match

Rondodox Botnet Targets 174 Flaws Daily
Read More: buff.ly/PfTnDZ8

#RondoDox #Botnet #MassExploitation #VulnerabilityScanning #RouterSecurity #EdgeDeviceSecurity #ThreatIntel #InfosecAlert

Residential Proxies: When "Normal" Traffic Becomes a Risk Multiplier “Normal traffic” is now an attacker costume. 🥸🏠 Residential proxies borrow real home ISP IPs, making sprays/scrapes/SaaS intrusion blend in. Don’t rage-block—use tiered friction (identity+behavior)…

IP reputation called in sick. 14k hijacked routers + “residential” exits = fraud that looks like your best customers. Use tiered friction, not rage-blocks 🥷🔥

Read the playbook (and subscribe): blog.alphahunt.io/residential-...

#AlphaHunt #CyberSecurity #Botnet #Fraud

Stay alert! Recent cyber threats include Chrome zero-days, router botnets, and AWS breaches. Update your software and secure your networks. #CyberSecurity #DataBreach #ZeroDay #Botnet Link: thedailytechfeed.com/critical-sec...

RondoDox botnet escalates with 174 exploits, leveraging residential IPs for stealth. A stark reminder of evolving cyber threats. #CyberSecurity #Botnet #RondoDox #CyberThreats Link: thedailytechfeed.com/rondodox-bot...

Original post on f.cz

The strategy of (presumable AI operated) botnet trying to spam #fcz instance with fake accounts (for whatever purpose) is somewhat funny. They somehow figured out, that I am moderator - so the first thing these profiles do is to block me.

Which makes my job extremely easy, as I really can just […]