The U.S. Division of Justice (DoJ) introduced costs in opposition to the alleged developer and administrator of the “Rapper Bot” DDoS-for-hire botnet.
Ethan Foltz, 22, of Eugene, Oregon, allegedly rented the botnet to cybercriminals eho focused numerous organizations.
The botnet operation itself was seized as a part of ‘Operation PowerOff ‘on August 6, throughout a raid at Foltz’s residence in Oregon.
The Mirai-based malware botnet, which is also referred to as “Eleven Eleven” and “CowBot,” has been energetic since a minimum of 2021 and contaminated tens of 1000’s of Digital Video Recorders (DVRs) and router gadgets.
The firepower ranged between 2 to six Tbps (terabits per second).
The U.S. DoJ announcement explains that Rapper Bot was used to goal over 18,000 entities throughout 80 nations, together with U.S. authorities techniques, main media platforms, gaming corporations, and enormous tech companies.
In 2023, Rapper Bot added a cryptomining module to diversify its income stream and maximize earnings from compromised gadgets.
Amazon Internet Providers (AWS), which helped with tracing Rapper Bot’s command and management infrastructure and assisted U.S. regulation enforcement with actionable intelligence, reviews that since April 2025, Rapper Bot launched 370,000 assaults.
These assaults ranged from a number of terabits to over 1 billion packets per second (pps), with the ability coming from greater than 45,000 compromised gadgets throughout 39 nations.
Even they final a brief interval, the assaults can value victims 1000’s of US {dollars}, says the DoJ, and extortion is commonly concerned.
“The legal criticism particulars {that a} DDoS assault averaging over two Terabits per second lasting 30 seconds may cost a sufferer anyplace from $500 to $10,000,” defined the DoJ.
“It is usually alleged that some Rapper Bot prospects used extortion calls for, leveraging the DDoS assault volumes of the Botnet to extort victims.”
Foltz was charged with aiding and abetting laptop intrusions, which carries a most sentence of as much as ten years in jail if convicted.
At present, although, Foltz stays free. He was issued a summons following the submitting of the legal criticism.
The Rapper Bot has not proven any indicators of resurgence in malicious exercise following the seizure of its infrastructure by the authorities on August 6, so the existence of backup C2s managed by different operators appears unlikely at this level.
46% of environments had passwords cracked, almost doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and knowledge exfiltration traits.
