Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Ethan Foltz charged and RapperBot infrastructure seized

Law Enforcement
First reported
Last updated
Happening score
H score 37
1 unique sources, 1 articles

Summary

Hide ▲

The U.S. Department of Justice charged Ethan Foltz in the RapperBot case and authorities seized control of the botnet infrastructure, disrupting a DDoS-for-hire operation used against victims in over 80 countries. Investigators searched Foltz's residence on August 6, 2025 and took over the botnet's administrative control. The case is part of Operation PowerOFF against criminal DDoS-for-hire networks.

Related Happenings

Aisuru, KimWolf, JackSkid, and Mossad botnet C2 takedown

Law Enforcement
First: 20.03.2026 10:05 Last: 20.03.2026 10:05 Sources 1

About this happening: The **U.S. Department of Justice** announced the arrest of **Jacob Butler (aka Dort)**, a **23-year-old** in **Ottawa, Canada**, for allegedly developing and operating the **Kimwo...

Open Happening

Kimwolf Android botnet expands proxy-relay operations to over 2 million devices

Malware Activity
First: 05.01.2026 18:41 Last: 05.01.2026 18:41 Sources 1

About this happening: The **Kimwolf** **Android botnet** continued to evolve as a **proxy-relay** and **DDoS** operation built on **more than 2 million infected devices**, with abuse of **exposed ADB**...

Latest development: 20.03.2026 08:25

The U.S. Department of Justice announced a court-authorized law-enforcement operation that disrupted command-and-control (C2) infrastructure used by the IoT botnets AISURU, Kimwolf, JackSkid, and Mossad, with assistance from Canada, Germany, and private sector firms including Akamai, Amazon Web Services, Cloudflare, DigitalOcean, Google, Lumen, Nokia, Okta, Oracle, PayPal, SpyCloud, Synthient, Team Cymru, Unit 221B, and QiAnXin XLab. The botnets were linked to distributed denial-of-service (DDoS) attacks targeting victims worldwide and to more than 2 million Android devices, while the four botnets were estimated to have infected no less than 3 million devices worldwide.

Open Happening

Scattered Spider member surrender and UK arrests

Law Enforcement
First: 24.09.2025 23:21 Last: 24.09.2025 23:21 Sources 1

About this happening: Authorities **arrested and charged** suspected **Scattered Spider** members in the **UK** and the **US**, including a **17-year-old** who surrendered in **Las Vegas** and was late...

Open Happening

Timeline

  1. 20.08.2025 07:19 1 articles · 9mo ago

    Law enforcement seizes RapperBot infrastructure

    Legal Policy Action Update

    Law enforcement searched Ethan Foltz's residence in Eugene, Oregon, on August 6, 2025, and seized administrative control of the RapperBot infrastructure, disrupting the DDoS-for-hire botnet used to direct traffic from infected devices toward victims worldwide.

    Show sources
    Open in new tab
  2. 20.08.2025 07:19 1 articles · 9mo ago

    DoJ charges Ethan Foltz over RapperBot

    Initial Disclosure

    On August 20, 2025, the U.S. Department of Justice charged Ethan Foltz of Eugene, Oregon, with one count of aiding and abetting computer intrusions over RapperBot, also called Eleven Eleven Botnet and CowBot; investigators said the service had been used for over 370,000 attacks against 18,000 unique victims across China, Japan, the United States, Ireland, and Hong Kong, and linked Foltz to the botnet through IP addresses, PayPal, Gmail, ISP records, and more than 100 Google searches for RapperBot or Rapper Bot.

    Show sources
    Open in new tab