Global Botnet Takedown: Millions of IoT Devices Compromised

An international police operation has dismantled four major botnets that hijacked over three million insecure IoT devices. The campaign highlights the ongoing danger posed by inadequate smart home security and pushes forward novel regulations.

Coordinated International Effort

A coordinated operation by authorities in the United States, Germany, and Canada on March 21, 2026, targeted networks responsible for hundreds of thousands of cyberattacks, including DDoS attacks on government websites and blackmail attempts. Over three million infected devices – often routers, webcams, or smart home gadgets – have been identified. Many were compromised due to default passwords or a lack of security updates, resulting in tens of thousands of dollars in losses and remediation expenses for some victims [Justice Department].

The Botnets: Aisuru, Kimwolf, JackSkid, and Mossad

The four botnets – named Aisuru, Kimwolf, JackSkid, and Mossad – are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline [KrebsOnSecurity]. Aisuru issued over 200,000 attack commands, although JackSkid hurled at least 90,000 attacks. Kimwolf issued more than 25,000 attack commands, and Mossad was blamed for roughly 1,000 digital sieges [KrebsOnSecurity]. The Justice Department executed seizure warrants targeting U.S.-registered domains, virtual servers, and other infrastructure involved in DDoS attacks against Internet addresses owned by the Department of Defense [Justice Department].

Smart Homes as a Gateway for Criminals

These botnets exploited vulnerabilities in insecure IoT devices as an attack vector. Reports from late 2025 indicated that an average household with around 22 connected devices was attacked almost daily. Streaming devices and smart TVs with outdated software are particularly vulnerable, providing easy targets for cybercriminals to build large attack networks.

New Regulations and Industry Standards

Governments worldwide are tightening cybersecurity regulations in response to the growing threat. Australia implemented binding minimum standards for smart devices on March 4, 2026, prohibiting universal standard passwords and requiring manufacturers to establish clear reporting paths for security gaps and transparent update policies. The EU’s Cyber Resilience Act, expected to be fully implemented in 2026, will hold manufacturers liable for safety defects throughout the product lifecycle. In the United States, labeling systems are being developed to provide consumers with safety information.

The Matter Standard: Towards Interoperability and Security

Alongside government regulations, the industry is advancing the Matter standard to improve interoperability and security. Developed by the Connectivity Standards Alliance, Matter enables seamless communication between devices from different brands over Wi-Fi and Thread. Recent advancements include Matter 1.4’s improvements in energy management and the upcoming Matter 1.5, expected in 2026, which will provide critical support for security cameras [Reuters]. Manufacturers like Aqara and Samsung SmartThings are already adopting the Matter standard.

Looking Ahead: Security as a Driver of Innovation

The dismantling of these botnets, coupled with new regulations and the Matter standard, represents a turning point for the smart home industry. Responsibility for security now rests firmly with manufacturers. Future advancements in artificial intelligence and analytics may further enhance IoT security by detecting anomalous device behavior and automatically mitigating threats. The future of connected homes will depend on robust, integrated security architectures to build consumer trust.