The United States Department of Justice (DOJ), working alongside international partners, has disrupted several large and powerful distributed denial-of-service (DDoS) botnets and shut down their related DDoS-for-hire services.
This operation marks a major step toward a safer internet and reflects the coordinated efforts of multiple parties, including Akamai.
Operation details
In particular, this operation targeted Aisuru and Kimwolf, hyper-volumetric botnets that emerged as a dominant global threat in 2025 and 2026 by leveraging a massive network of an estimated 1 million to 4 million compromised Internet of Things (IoT) devices. These botnets generated attacks exceeding 30 Tbps, 14 billion packets per second, and 300 million HTTP(s) requests per second, shattering historical records.
Cybercriminals used these botnets to launch hundreds of thousands of attacks, in some cases demanding extortion payments from victims. Court documents allege that the Aisuru botnet issued more than 200,000 DDoS attack commands, and the Kimwolf botnet issued more than 25,000 DDoS attack commands. These attacks can cripple core internet infrastructure, cause significant service degradation for ISPs and their downstream customers, and even overwhelm high-capacity cloud-based mitigation services.
Akamai’s role
We appreciate the acknowledgment of our support and assistance in combating this threat, and for the role Akamai played in this takedown. Beginning in late 2025, we collaborated with community, public sector, and industry partners to focus on intelligence gathering, monitoring, and C2 disruption. We provided critical insight and expertise while actively reducing the botnet's scale, and as a result, our efforts helped drive real-world impact by protecting our customers and strengthening the broader internet.
Protect your organization
To further protect organizations from these types of threats, we recommend updating security controls, including web application firewalls (WAFs), to the latest versions, enabling rate-limiting wherever possible, auditing access control lists (ACLs), and subscribing to a DDoS scrubbing service such as Akamai Prolexic.
Thanks are in order
Akamai would like to thank our industry partners — Amazon, Amazon Web Services, Cloudflare, DigitalOcean, Epios, Google, Hydraulics, Lumen, Nokia, Okta, Oracle, PayPal, Registrar of Last Resort, The Shadowserver Foundation, Sony Interactive Entertainment, SpyCloud, Synthient, Team Cymru, Unit 221B, and XLAB — for their collaboration and support throughout the investigation and disruption efforts.
Special thanks for the support of our public sector partners from the US DOJ, Defense Criminal Investigative Service (DCIS), and Federal Bureau of Investigation (FBI), as well as international support from the Bundeskriminalamt (BKA) Cyber, the Royal Canadian Mounted Police (RCMP), Ontario Provincial Police (OPP), and Sûreté du Québec (SQ) that together made widespread disruption possible.
Tags
