US, Germany, Canada disrupt botnets

Law enforcement agencies in the ⁠United States, ⁠Germany and Canada have carried out an operation to take down infrastructure used by four major botnets that infected more than 3 million devices worldwide.  

The US Department of Justice said the malicious networks - Aisuru, ‌KimWolf, ‌JackSkid and Mossad - were used to launch distributed ‌denial-of-service (DDoS) attacks, with some US Department of Defense ⁠websites among the targets. 

German police said law enforcement agencies had identified two suspected administrators of the botnets who will now face legal consequences.

"Searches were conducted at their residences in Germany ​and Canada, and extensive evidence was seized," it said in a statement.

"In addition to numerous data storage devices, cryptocurrencies ⁠worth tens of thousands of dollars were also confiscated."

Most infected devices were part of the so-called internet of things, or web-connected appliances like webcams, digital video recorders, or wi-fi routers, according to the US DOJ.

Operators of the botnets carried out hundreds of thousands of DDoS attacks, targeting computers and servers around the world, including IP addresses owned by the US Department of Defense Information Network.

In some ​cases, they demanded payments from their victims, ⁠according to the statement.

German police said devices could ⁠be compromised without the knowledge of their owners, and those with no security updates or ​weak passwords were especially at risk.

"Furthermore, resources of the Kimwolf botnet ‌were rented out ⁠as a so-called residential proxy network.

"This allowed third parties to use the infected devices as an anonymization layer for a fee, without the knowledge of the ‌actual owner," police said.

"Today’s disruption of four powerful botnets highlights our commitment to eliminate emerging cyber threats to the [US] Department of Defense and its warfighters,” said Kenneth DeChellis, a special agent in charge at the Department of ​Defense Investigative Service.

The DOJ statement listed nearly two dozen major tech companies that helped the operation, including Amazon Web Services, Google, PayPal and Nokia, and the PowerOff team of the ‌European Union's law ⁠enforcement agency, Europol, whose operation ​against cybercriminals focusing on DDoS attacks has been running since 2017.