
NEW YORK, March 20 (Reuters) – Law enforcement agencies in the United States, Germany and Canada have launched an operation to take down the infrastructure used by four major botnets that have infected more than 3 million devices worldwide.
The US Department of Justice said in a statement on Thursday that the malicious networks – Aisuru, KimWolf, JackSkid and Mossad – were used to carry out distributed denial of service (DDoS) attacks, with some Defense Department websites among the targets.
German police said on Friday that law enforcement agencies have identified two suspected botnet operators who will now face legal consequences.
“Searches were conducted at their headquarters in Germany and Canada and extensive evidence was secured,” the statement said. “Tens of thousands of dollars worth of cryptocurrencies were also seized in addition to numerous data storage devices.”
Most of the infected devices were part of the so-called Internet of Things, meaning web-connected devices such as webcams, digital video recorders or Wi-Fi routers, according to the US Department of Justice.
The botnet operators have launched hundreds of thousands of DDoS attacks targeting computers and servers around the world, including IP addresses owned by the Defense Department’s information network. In some cases, they demanded payments from their victims, according to the statement.
German police said devices may have been compromised without their owners’ knowledge, and those with no security updates or weak passwords were particularly at risk.
“In addition, the resources of the Kimwolf botnet were rented out as a so-called residential proxy network. This allowed third parties to use infected devices as an anonymization layer for a fee, without the knowledge of the real owner,” police said.
“Today’s disruption of four powerful botnets underscores our commitment to eliminating emerging cyber threats to the Department of Defense and its warfighters,” said Kenneth DeChellis, Special Agent in Charge of the Defense Department’s Investigative Service.
The Justice Department statement listed nearly two dozen major technology companies that helped the operation, including Amazon Web Services, Google, PayPal and Nokia, as well as the PowerOff team of the European Union law enforcement agency Europol, whose operation against DDoS attacks has been ongoing since 2017.
(Reporting by Maria Tsvetková and Matthias Williams; Editing by Thomas Derpinghaus and Andrei Khalip)





