Powerful DDoS botnet Rapper Bot, once deemed the most formidable in existence, has now ceased operations.
In a significant cybersecurity development, Ethan Foltz, a 22-year-old man from Oregon, has been charged for creating and managing the Rapper Bot botnet, one of the most potent Distributed Denial of Service (DDoS) botnets ever recorded.
According to US Attorney Michael J. Heyman for the District of Alaska, Rapper Bot was a formidable force in the cybercrime world. The investigation into Foltz's activities has successfully ended his role as administrator and disrupted the operations of the transnational criminal group behind the botnet.
Since Foltz's arrest, no additional companies or organisations have been publicly reported as victims of the Rapper Bot DDoS-for-hire botnet, besides the outages on X. The botnet has been responsible for more than 370,000 attacks since April, targeting approximately 18,000 unique victims.
The botnet has been active since at least 2021, initially deploying and executing a separate Monero cryptominer alongside the usual Rapper Bot binary. However, it later combined both functionalities into a single bot, branching out into cryptojacking, specifically targeting Intel x64 machines.
The largest attack attributed to the botnet is believed to have topped six terabits per second, a staggering amount of traffic. The botnet uses infected victim devices to conduct DDoS attacks that can amount to between two and three terabits per second.
The Department of Justice (DOJ) states that an attack by the Rapper Bot botnet could cost a victim up to $10,000. Some of Rapper Bot's customers, including Chinese gambling operations, have extorted victims globally.
Amazon Web Services (AWS) contributed to the takedown by identifying Rapper Bot's command and control (C2) infrastructure and reverse engineering the IoT malware to map its operations and activities. Earlier this month, law enforcement officials executed a search warrant on Foltz's residence in Oregon and shut down Rapper Bot's attack capabilities, gaining administrative control. No attacks have been reported since.
The botnet has targeted devices like digital video recorders, Wi-Fi routers, and more, exploiting them for DDoS attacks in over 80 countries. The office of the US attorney remains committed to disrupting and dismantling cyber criminals that threaten internet security and infrastructure.
In a related development, Europol recently took down 27 DDoS-for-hire sites. There is a potential for hackers to start using AI assistants to coordinate DDoS attacks in the future, underscoring the need for continuous vigilance and collaboration in the fight against cybercrime.
Foltz is charged with one count of aiding and abetting computer intrusions, for which he could face up to ten years in prison. The Rapper Bot botnet, also known as Eleven Eleven Botnet and CowBot, has been involved in a series of large-scale cyber attacks since its inception. The US attorney's office reaffirms its dedication to protecting the internet and its users from such threats.