Rapper Bot attacks were launched against 80 countries.
Operations of the highly powerful Rapper Bot distributed denial-of-service botnet have been dismantled by U.S. authorities following a warrant against its alleged developer and administrator.
Attacks with Rapper Bot, which used 65,000 to 95,000 compromised devices to reach two to three terabits per second, were launched against 80 countries, with China, Japan, the U.S., Ireland, and Hong Kong the most affected.
With the help of Amazon Web Services, Google, PayPal, and other firms, authorities attributed the botnet to Ethan Foltz after establishing a link between the botnet's hosting provider and PayPal that exposed his shared email addresses.
"Because Rapper Bot has been in operation since at least 2021, there is a strong likelihood that there are millions of victims, in terms of infected IoT devices, as well as millions of Rapper Bot-initiated DDoS attacks," said a Defense Criminal Investigative Service agent in an affidavit.
Foltz remains on the run and could face up to a decade in prison on a charge of aiding and abetting cyber-attacks, reports CyberScoop.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.