RapperBot Botnet Dismantled, Creator Charged

The U.S. Department of Justice has charged the alleged developer and administrator of the RapperBot botnet, a Mirai-based network rented out to cybercriminals for large-scale DDoS attacks. The botnet itself was seized by law enforcement in early August during Operation PowerOff.
Origins and Evolution
RapperBot—also known as Eleven Eleven and CowBot—was first identified by Fortinet researchers in August 2021. At the time, analysts reported that the botnet had been active since May 2021, infecting tens of thousands of digital video recorders (DVRs) and routers worldwide.
Initially used exclusively for DDoS campaigns, RapperBot demonstrated attack power ranging from 2 to 6 terabits per second (Tbps). In 2023, its operator added a cryptocurrency mining module, seeking to diversify revenue streams and profit further from compromised devices.
Scope of Attacks
According to the Justice Department, RapperBot was used to attack more than 18,000 targets across 80 countries, including U.S. government systems, major media platforms, and gaming and technology companies.
Amazon Web Services (AWS), which assisted investigators by monitoring command-and-control infrastructure, reported that since April 2025 alone, RapperBot carried out over 370,000 DDoS attacks. These campaigns leveraged more than 45,000 compromised devices across 39 countries, with some attacks exceeding one billion packets per second (PPS).
Such attacks, even when short-lived, could cost victims thousands of dollars in damages and were often tied to extortion schemes.
“The indictment details that a DDoS attack with an average power of over two terabits per second, lasting 30 seconds, could cost a victim between $500 and $10,000,” the Department of Justice stated. “It is also known that some of RapperBot’s clients resorted to extortion, using the botnet’s DDoS attacks to extract money from victims.”
The Charges
The accused developer, 22-year-old Ethan Foltz of Oregon, is believed to have created RapperBot and rented it to other malicious actors who launched attacks against various organizations.
Foltz has been charged with aiding and abetting computer crimes. If convicted, he faces a maximum sentence of 10 years in prison. For now, however, he remains free under a summons requiring him to appear in court at a later date.