German Police Crush Two Massive Botnets That Hijacked Millions of Home Devices

German cybercrime authorities, working with partners in the United States and Canada, dismantled the infrastructure of two of the world's largest botnets in a coordinated three-nation operation targeting networks that had quietly enslaved millions of everyday household devices to wage large-scale cyberattacks.

The operation, announced Saturday, shut down the technical infrastructure of Aisuru and Kimwolf, networks that together compromised several million internet-connected devices and used them to conduct Distributed Denial of Service attacks capable of overwhelming and crippling online services. Germany's Federal Criminal Police Office and the Central Office for Combating Cybercrime in North Rhine-Westphalia led the effort on the German side.

The two botnets exploited devices that most people never think to secure: routers, webcams, and Android TV boxes sitting in living rooms and home offices around the world. Aisuru drew primarily on compromised routers and webcams, while Kimwolf infected mainly Android TV boxes. In each case, device owners had no indication their hardware had been recruited into a criminal network capable of generating devastating floods of internet traffic.

Kimwolf carried an additional layer of criminal sophistication. Beyond conducting its own attacks, the network was rented out to other hackers who wanted to disguise the origin of malicious traffic, making it appear to originate from ordinary household connections. The arrangement effectively turned Kimwolf into a criminal service business, lowering the barrier for anyone seeking to launch an anonymous cyberattack.

German police, prosecutors and cybercrime officials said the botnets "posed a significant threat to IT infrastructure due to their size and associated attack capacity."

Investigators carried out searches in Germany and Canada, seizing extensive evidence including data storage devices and cryptocurrencies worth tens of thousands. Two suspected administrators of the networks have been identified and now face "legal consequences," according to an official statement, which provided no further details on their identities or the specific charges they may face.

The operation illustrates both the growing scale of botnet-based cybercrime and the international coordination now required to disrupt it. Botnets thrive on jurisdictional complexity: infrastructure is scattered across dozens of countries, operators hide behind layers of anonymized traffic, and the compromised devices are owned by unwitting civilians who have no idea their smart TV or home router is participating in a criminal enterprise.

The consumer IoT security problem sits at the center of this vulnerability. Unlike laptops and smartphones, which receive regular security updates and are protected by antivirus software, devices like routers, webcams, and streaming boxes are routinely left on factory default passwords, rarely patched, and almost never monitored. Botnets like Aisuru and Kimwolf have long exploited exactly that gap.

Authorities have not released the names of the suspected administrators, named the specific U.S. or Canadian agencies involved, or identified any organizations targeted by DDoS attacks linked to the two networks. The exact amount and currency of the seized cryptocurrency also has not been confirmed.

With the infrastructure dismantled and two suspects identified, investigators now face the harder task of building cases strong enough to survive prosecution across multiple legal systems.