RapperBot Botnet Disrupted and Administrator Charged

First reported

20.08.2025 07:19

Last updated

20.08.2025 20:40

📰 2 unique sources, 2 articles

Summary

Hide ▲

A 22-year-old man from Eugene, Oregon, Ethan Foltz, has been charged with developing and operating the RapperBot botnet, which conducted over 370,000 DDoS attacks against 18,000 unique victims across 80 countries since 2021. The botnet, also known as Eleven Eleven Botnet and CowBot, targeted Digital Video Recorders (DVRs) and Wi-Fi routers using SSH or Telnet brute-force attacks. In 2023, RapperBot added a cryptomining module to diversify its revenue stream. Foltz was arrested on August 6, 2025, and faces up to 10 years in prison if convicted. The botnet's command-and-control infrastructure was seized during the operation.

Timeline

20.08.2025 07:19 📰 2 articles · ⏱ 27d ago

RapperBot Botnet Administrator Charged and Infrastructure Seized
The botnet targeted U.S. government systems, major media platforms, gaming companies, and large tech firms. In 2023, RapperBot added a cryptomining module to diversify its revenue stream. The botnet launched 370,000 attacks since April 2025, with attacks ranging from several terabits to over 1 billion packets per second (pps). The cost of a DDoS attack averaging over two Terabits per second lasting 30 seconds might range from $500 to $10,000. Foltz was issued a summons following the filing of the criminal complaint and remains free.
Show sources

DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks — thehackernews.com — 20.08.2025 07:19

“Rapper Bot” malware seized, alleged developer identified and charged — www.bleepingcomputer.com — 20.08.2025 20:40
Open in new tab

Information Snippets

Ethan Foltz, 22, from Eugene, Oregon, was charged with aiding and abetting computer intrusions.
First reported: 20.08.2025 07:19

📰 2 sources, 2 articles
Show sources
- DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks — thehackernews.com — 20.08.2025 07:19
- “Rapper Bot” malware seized, alleged developer identified and charged — www.bleepingcomputer.com — 20.08.2025 20:40
RapperBot, also known as Eleven Eleven Botnet and CowBot, was used to conduct over 370,000 DDoS attacks.
First reported: 20.08.2025 07:19

📰 2 sources, 2 articles
Show sources
- DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks — thehackernews.com — 20.08.2025 07:19
- “Rapper Bot” malware seized, alleged developer identified and charged — www.bleepingcomputer.com — 20.08.2025 20:40
The botnet targeted over 18,000 unique victims across 80 countries since at least 2021.
First reported: 20.08.2025 07:19

📰 2 sources, 2 articles
Show sources
- DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks — thehackernews.com — 20.08.2025 07:19
- “Rapper Bot” malware seized, alleged developer identified and charged — www.bleepingcomputer.com — 20.08.2025 20:40
RapperBot infected over 45,000 devices across 39 countries.
First reported: 20.08.2025 07:19

📰 2 sources, 2 articles
Show sources
- DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks — thehackernews.com — 20.08.2025 07:19
- “Rapper Bot” malware seized, alleged developer identified and charged — www.bleepingcomputer.com — 20.08.2025 20:40
The botnet's command-and-control infrastructure was seized on August 6, 2025.
First reported: 20.08.2025 07:19

📰 2 sources, 2 articles
Show sources
- DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks — thehackernews.com — 20.08.2025 07:19
- “Rapper Bot” malware seized, alleged developer identified and charged — www.bleepingcomputer.com — 20.08.2025 20:40
RapperBot was used to conduct DDoS attacks measuring between 2 and 3 Terabits per second (Tbps).
First reported: 20.08.2025 07:19

📰 1 source, 1 article
Show sources
- DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks — thehackernews.com — 20.08.2025 07:19
The botnet was involved in ransom DDoS attacks to extort victims.
First reported: 20.08.2025 07:19

📰 2 sources, 2 articles
Show sources
- DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks — thehackernews.com — 20.08.2025 07:19
- “Rapper Bot” malware seized, alleged developer identified and charged — www.bleepingcomputer.com — 20.08.2025 20:40
The investigation traced the botnet to Foltz through IP address links to various online services.
First reported: 20.08.2025 07:19

📰 2 sources, 2 articles
Show sources
- DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks — thehackernews.com — 20.08.2025 07:19
- “Rapper Bot” malware seized, alleged developer identified and charged — www.bleepingcomputer.com — 20.08.2025 20:40
The disruption of RapperBot is part of Operation PowerOFF, an international effort to dismantle criminal DDoS-for-hire infrastructures.
First reported: 20.08.2025 07:19

📰 2 sources, 2 articles
Show sources
- DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks — thehackernews.com — 20.08.2025 07:19
- “Rapper Bot” malware seized, alleged developer identified and charged — www.bleepingcomputer.com — 20.08.2025 20:40
RapperBot was used to target U.S. government systems, major media platforms, gaming companies, and large tech firms.
First reported: 20.08.2025 20:40

📰 1 source, 1 article
Show sources
- “Rapper Bot” malware seized, alleged developer identified and charged — www.bleepingcomputer.com — 20.08.2025 20:40
In 2023, RapperBot added a cryptomining module to diversify its revenue stream.
First reported: 20.08.2025 20:40

📰 1 source, 1 article
Show sources
- “Rapper Bot” malware seized, alleged developer identified and charged — www.bleepingcomputer.com — 20.08.2025 20:40
RapperBot launched 370,000 attacks since April 2025.
First reported: 20.08.2025 20:40

📰 1 source, 1 article
Show sources
- “Rapper Bot” malware seized, alleged developer identified and charged — www.bleepingcomputer.com — 20.08.2025 20:40
RapperBot attacks ranged from several terabits to over 1 billion packets per second (pps).
First reported: 20.08.2025 20:40

📰 1 source, 1 article
Show sources
- “Rapper Bot” malware seized, alleged developer identified and charged — www.bleepingcomputer.com — 20.08.2025 20:40
A DDoS attack averaging over two Terabits per second lasting 30 seconds might cost a victim anywhere from $500 to $10,000.
First reported: 20.08.2025 20:40

📰 1 source, 1 article
Show sources
- “Rapper Bot” malware seized, alleged developer identified and charged — www.bleepingcomputer.com — 20.08.2025 20:40
Foltz was issued a summons following the filing of the criminal complaint and remains free.
First reported: 20.08.2025 20:40

📰 1 source, 1 article
Show sources
- “Rapper Bot” malware seized, alleged developer identified and charged — www.bleepingcomputer.com — 20.08.2025 20:40

Similar Happenings

Cloudflare mitigates record 11.5 Tbps UDP flood DDoS attack

Cloudflare recently blocked the largest recorded volumetric DDoS attack, peaking at 11.5 Tbps. The attack was a UDP flood, primarily originating from a combination of several IoT and cloud providers, including Google Cloud, and lasted approximately 35 seconds. Volumetric DDoS attacks overwhelm targets with massive data, consuming bandwidth and exhausting resources. This attack is part of a recent surge in hyper-volumetric DDoS attacks, with Cloudflare autonomously blocking hundreds over the past few weeks. This attack follows a 7.3 Tbps DDoS attack in June 2025 and a 3.8 Tbps attack in October 2024, both mitigated by Cloudflare. The increase in DDoS attacks highlights the escalating threat landscape and the need for robust cybersecurity defenses. The attack involved the RapperBot botnet, which targets network video recorders (NVRs) and other IoT devices, exploiting security flaws to gain initial access and download the malware payload.

Open in new tab

Summary

Timeline

RapperBot Botnet Administrator Charged and Infrastructure Seized

Information Snippets

Similar Happenings

Cloudflare mitigates record 11.5 Tbps UDP flood DDoS attack