Redazione RHC : 23 August 2025 09:55
The U.S. Department of Justice has indicted the alleged developer and administrator of the RapperBot DDoS botnet, which was leased to cybercriminals. The botnet itself was seized by law enforcement in early August as part of Operation PowerOff.
RapperBot (also known as Eleven Eleven and CowBot) was first discovered by Fortinet analysts in August 2021. At the time, it was reported that the Mirai-based botnet had been active since May 2021 and had infected tens of thousands of digital video recorders (DVRs) and routers.
The power of DDoS attacks carried out with the Its support ranged from 2 to 6 Tbit/s. Additionally, in 2023, RapperBot was equipped with a cryptocurrency mining module, as its operator sought to diversify revenue sources and increase profits from compromised devices.
As now reported by the US Department of Justice, RapperBot has been used to attack more than 18,000 targets in 80 countries, including US government systems, major media platforms, gaming and technology companies.
Amazon Web Services (AWS), which helped law enforcement track the botnet’s command infrastructure and provided intelligence, reports that RapperBot has carried out over 370,000 attacks since April 2025 alone. The attacks, which involved over 45,000 compromised devices in 39 countries, sometimes exceeded one billion packets per second (PPS).
Such attacks cost thousands of dollars, though short-lived, and often went hand in hand with extortion, the Justice Department said.
Ethan Foltz, 22, of Oregon, has now been charged with created the botnet. He is believed to have created RapperBot and rented it to other attackers who attacked various organizations.
Foltz has been charged with aiding and abetting computer crimes, a maximum penalty of 10 years in prison if convicted. However, Foltz is currently free and has been issued a summons to appear in court on a specific date.
Redazione