Aisuru, KimWolf & Co.: Cross-border operation against four dangerous botnets

Over three million infected IT devices were recently used for especially powerful DDoS attacks. Now there has apparently been an operation against the infrastructure.

In a joint operation, law enforcement agencies from the USA, Canada, and Germany have “disrupted” the infrastructure of four major botnets used for massive DDoS attacks. This was made public by the public prosecutor's office in Alaska. According to the report, the Federal Criminal Police Office (Bundeskriminalamt, BKA) and the Central and Contact Point Cybercrime North Rhine-Westphalia (Zentral- und Ansprechstelle Cybercrime Nordrhein-Westfalen, ZAC NRW) were among the agencies involved. The authorities reportedly took action against internet domains, virtual servers, and other infrastructure that were allegedly used for the attacks. The statement makes no mention of any arrests, and law enforcement does not claim that the botnets have been dismantled.

The botnets affected are reportedly Aisuru, KimWolf, JackSkid, and Mossad. Together, they had recently hijacked more than three million IT devices worldwide, hundreds of thousands of them in the USA. These are reportedly various IoT devices, including video recorders, internet cameras, and routers. In some cases, devices that were supposed to be shielded from the internet by a firewall were also impacted. Access to the devices was then rented out under the well-known “Cybercrime as a Service” model. For money, they could be unleashed on victim networks, overwhelming them with countless simultaneous requests. Typically, money is then demanded for the attacks to stop.

According to the public prosecutor's office in Alaska, some attacks reached record access rates of 30 terabits per second, with Aisuru in particular being used for many attacks. JackSkid and KimWolf followed at a considerable distance, while Mossad was reportedly used much less frequently. There have been no statements from the German authorities regarding the operation so far. However, IT security researcher Brian Krebs has stated that he determined that the KimWolf botnet was mainly operated by a 22-year-old Canadian. Investigations then revealed that a second main suspect was 15 years old and lived in Germany. Whether the authorities share this assessment and have taken action against the two is not yet known.

(mho)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.