Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

Collections of millions of hacked computers known as Aisuru and Kimwolf were used to launch some of the largest distributed denial-of-service (DDoS) attacks ever seen. Now US law enforcement agencies have wiped both from the Internet along with two other legions of hijacked computers – known as botnets – in one massive takedown.
The US Department of Justice, working with the US Defense Department’s cybercrime agency known as the Defense Criminal Investigative Service, announced on Thursday that it had dismantled four massive botnets in a single operation, removing the command-and-control servers used to control hacker-run armies of compromised machines known as JackSkid, Mossad, Aisuru and Kimwolf. Together, the operators of the four botnets amassed more than 3 million devices, often selling access to those devices to other criminal hackers, as well as using them to target victims with massive floods of attack traffic to take down websites and internet services, the Justice Department said.
Aisuru and Kimwolf, a distinct botnet related to Aisuru, together have over a million machines. According to DDoS defense company Cloudflare, Aisuru infected a variety of devices ranging from digital video recorders to network devices to webcams, and its Kimwolf branch also infected Android devices including smart TVs and set-top boxes. Cloudflare says the two botnets, working together, carried out a cyberattack against a Cloudflare customer last November that reached more than 30 terabytes of data per second, nearly three times the size of the previous largest such attack.
No arrests or takedowns were immediately announced, but the Justice Department statement noted that the US government was cooperating with Canadian and German authorities, “who targeted the individuals who operated these botnets.”
“The United States is steadfast in its commitment to protecting critical Internet infrastructure and fighting cybercriminals who jeopardize its security wherever they live,” U.S. Attorney Michael J. Heyman wrote in a statement.
Of the four botnets seized in the operation, Aisuru gained the most notoriety, thanks to a series of record-breaking or near-record cyberattacks it carried out last fall. The botnet, whose use has been rented out like many “booter” services that offer their brute-force disruptive capabilities to anyone willing to pay, has been turned against gaming services like Minecraft and freelance cybersecurity journalist Brian Krebs. Krebs, who has extensively investigated the botnet underground and Aisuru in particular, was attacked repeatedly by the bots last year.
Then in November, Cloudflare absorbed a record-breaking combined attack from Aisuru and Kimwolf that lasted just 35 seconds but reached 31.4 terabytes per second, an attack traffic volume close to three times the size of anything seen before. (The company did not disclose which customers were exposed to this attack.)
In a report on the state of the DDoS ecosystem, Cloudflare described the maximum attack traffic of the combined Aisuru and Kimwolf botnets as equivalent to “the combined population of the UK, Germany and Spain all simultaneously typing in a website address and then pressing enter in the same second.” Cloudflare analysts wrote that the botnet was able to “launch DDoS attacks that can cripple critical infrastructure, disable most legacy cloud-based DDoS protection solutions, and even disrupt the connectivity of entire countries.”
In fact, all four botnets disrupted by the US operation were variants of Mirai, an Internet of Things botnet that debuted in 2016, broke records at the time in terms of the volume of cyberattacks it enabled, and was eventually used in an attack on domain name service provider Dyn that took down 175,000 websites simultaneously across much of the United States. Since then, the Mirai codebase has served as a launching pad for a decade of other IoT botnets.