US, Canada, and Germany Join Forces to Dismantle Four Major IoT Botnets

Multinational Law Enforcement Strikes Hard

The U.S. Department of Justice recently announced that it has joined forces with law enforcement agencies in Canada and Germany to successfully dismantle the online infrastructure of four highly destructive botnets. Named Aisuru, Kimwolf, JackSkid, and Mossad, these botnets compromised routers, IP cameras, and other Internet of Things (IoT) devices to build a massive attack network comprising over 3 million hijacked devices. They recently launched multiple record-breaking Distributed Denial of Service (DDoS) attacks capable of knocking virtually any target offline.

3 Million Devices Turned into 'Digital Weapons'

According to law enforcement disclosures, the core operating model of these four botnets exploited security vulnerabilities in IoT devices — including home routers, smart cameras, and other common connected devices — to implant malware and conscript them into attack networks. Device owners were typically completely unaware that their equipment had been hijacked, with their devices unknowingly becoming accomplices in massive cyberattacks.

Over 3 million compromised devices meant the attackers had access to enormous bandwidth resources. When all these devices simultaneously sent massive volumes of requests to target servers, even enterprise-grade infrastructure with robust defenses struggled to withstand the onslaught. Law enforcement agencies stated that the DDoS attacks launched by these botnets repeatedly set new records in scale, posing a serious threat to the stability of global internet services.

AI and Automation Amplify Botnet Threats

Notably, modern botnet operations are increasingly leveraging automation tools and AI technology. Attackers use AI-powered scanning tools to discover IoT device vulnerabilities at scale, automated scripts to rapidly compromise devices en masse, and intelligent Command and Control (C2) systems to dynamically allocate attack traffic. This has made botnets far faster to expand and far more precise in their attacks than ever before.

Meanwhile, the explosive growth in the number of IoT devices has provided fertile ground for botnets. According to industry data, the number of active IoT devices worldwide has surpassed 15 billion, with a significant proportion still using default passwords or harboring unpatched security vulnerabilities. Security researchers warn that as smart homes and industrial IoT continue to proliferate, the potential attack surface will only continue to grow.

Cross-Border Collaboration Becomes the New Normal in Cybersecurity

This joint law enforcement operation by the U.S., Canada, and Germany once again underscores the importance of transnational collaboration in combating cybercrime. Botnet infrastructure is typically distributed across multiple countries and regions, making it impossible for any single nation's law enforcement to independently disrupt the entire chain. In this operation, agencies from all three countries achieved synchronized seizure of botnet command and control servers through intelligence sharing and coordinated action, effectively preventing attackers from transferring assets or rebuilding their networks.

Cybersecurity experts note that while this operation successfully dismantled four major botnets, similar threats will not simply disappear. Botnet source code often circulates on underground forums, and new threat actors can quickly build replacement networks. The true long-term solution requires device manufacturers to improve IoT device security at the source, while users should proactively update firmware and change default passwords.

Outlook: IoT Security Remains a Long Road Ahead

This enforcement action sends a clear message to cybercriminals worldwide, but the fundamental challenges of IoT security persist. As AI technology continues to be leveraged by both attackers and defenders, future botnets may become even more stealthy and difficult to detect. The industry urgently needs to accelerate progress in establishing device security standards, improving vulnerability response mechanisms, and deploying AI-driven threat detection systems to maintain the upper hand in this ever-escalating cybersecurity battle.