Aisuru botnet shifts to residential proxy rental
Malware Activity
Summary
Hide ▲
Show ▼
The Aisuru botnet has been updated to turn hundreds of thousands of infected IoT devices into residential proxies, expanding its monetization model and helping cybercriminals hide traffic. That shift matters because the same botnet that delivered record-smashing DDoS attacks is now also being used to anonymize malicious web activity and large-scale scraping.
Related Happenings
Kimwolf operators build a cybercrime-as-a-service DDoS access market
Threat Actor Meta
First: 22.05.2026 11:50
Last: 22.05.2026 11:50
Sources 1
About this happening:
The **Kimwolf** operators ran a **cybercrime-as-a-service** market that sold access to infected devices, widening **DDoS-for-hire** abuse. The model turned compromised **digital p...
Kimwolf operators build a cybercrime-as-a-service DDoS access market
Threat Actor MetaAbout this happening: The **Kimwolf** operators ran a **cybercrime-as-a-service** market that sold access to infected devices, widening **DDoS-for-hire** abuse. The model turned compromised **digital p...
Aisuru, KimWolf, JackSkid, and Mossad botnet C2 takedown
Law Enforcement
First: 20.03.2026 10:05
Last: 20.03.2026 10:05
Sources 1
About this happening:
The **U.S. Department of Justice** announced the arrest of **Jacob Butler (aka Dort)**, a **23-year-old** in **Ottawa, Canada**, for allegedly developing and operating the **Kimwo...
Aisuru, KimWolf, JackSkid, and Mossad botnet C2 takedown
Law EnforcementAbout this happening: The **U.S. Department of Justice** announced the arrest of **Jacob Butler (aka Dort)**, a **23-year-old** in **Ottawa, Canada**, for allegedly developing and operating the **Kimwo...
AISURU/Kimwolf hyper-volumetric DDoS botnet activity
Malware Activity
First: 05.02.2026 19:25
Last: 05.02.2026 19:25
Sources 1
About this happening:
The **AISURU/Kimwolf** botnet is a **malware activity** cluster tied to **hyper-volumetric DDoS attacks** and large-scale device conscription. On **2025-12-04**, Cloudflare said i...
AISURU/Kimwolf hyper-volumetric DDoS botnet activity
Malware ActivityAbout this happening: The **AISURU/Kimwolf** botnet is a **malware activity** cluster tied to **hyper-volumetric DDoS attacks** and large-scale device conscription. On **2025-12-04**, Cloudflare said i...
Latest development: 20.03.2026 08:25
The U.S. Department of Justice disrupted command-and-control infrastructure used by AISURU, Kimwolf, JackSkid, and Mossad in a court-authorized law-enforcement operation, with support from Akamai, Amazon Web Services, Cloudflare, DigitalOcean, Google, Lumen, Nokia, Okta, Oracle, PayPal, SpyCloud, Synthient, Team Cymru, Unit 221B, and QiAnXin XLab.
2025 DDoS surge targets telecommunications, service providers, and carriers
Target Trend
First: 05.02.2026 19:25
Last: 05.02.2026 19:25
Sources 1
About this happening:
**Cloudflare** reports that the **2025 DDoS surge** has continued into **Q3 2025**, with the **Aisuru botnet** driving more than **1,300 attacks** in three months and a record pea...
2025 DDoS surge targets telecommunications, service providers, and carriers
Target TrendAbout this happening: **Cloudflare** reports that the **2025 DDoS surge** has continued into **Q3 2025**, with the **Aisuru botnet** driving more than **1,300 attacks** in three months and a record pea...
Aisuru/Kimwolf botnet record DDoS campaign against telecommunications and IT companies
Campaign
First: 29.01.2026 16:55
Last: 29.01.2026 16:55
Sources 1
How related:
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic.
About this happening:
The **Aisuru/Kimwolf botnet** campaign expanded in **late 2025** with **Kimwolf**, a **DDoS botnet** compiled using the **NDK**, and evidence linking it to **AISURU** through shar...
Aisuru/Kimwolf botnet record DDoS campaign against telecommunications and IT companies
CampaignHow related: Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic.
About this happening: The **Aisuru/Kimwolf botnet** campaign expanded in **late 2025** with **Kimwolf**, a **DDoS botnet** compiled using the **NDK**, and evidence linking it to **AISURU** through shar...
Latest development: 20.03.2026 02:49
The U.S. Justice Department, with authorities in Canada and Germany, dismantled infrastructure behind Aisuru, Kimwolf, JackSkid and Mossad, seized U.S.-registered domains and virtual servers used in DDoS attacks against DoD Internet addresses, and said the action was intended to prevent further infections and future attacks.
Timeline
-
29.10.2025 02:51 1 articles · 7mo ago
Aisuru adds residential proxy rental
Technical Analysis UpdateAisuru botmasters updated the botnet so compromised Internet of Things devices can be rented to residential proxy providers, turning infected routers and security cameras into traffic-anonymization infrastructure for cybercriminals and large-scale content scraping. The botnet had first been identified in August 2024, had spread to at least 700,000 IoT systems, and had already been used for a June DDoS against KrebsOnSecurity.com that reached 6.3 terabits per second.
Show sources
- Aisuru Botnet Shifts from DDoS to Residential Proxies — krebsonsecurity.com — 29.10.2025 02:51