A 22-year-old man from Oregon, USA, has been accused of suspected improvement and oversight of a distributed rejection (DDOS). Rapper Bot.
Ethan Foltz of Eugene, Oregon, has been recognized because the administrator of the service, the U.S. Division of Justice (DOJ) mentioned. Botnets have been used since not less than 2021 to hold out large-scale DDOS-For Rent assaults concentrating on victims in additional than 80 nations.
Foltz is being charged with a single rely of aiding in breaking into a pc. If convicted, he faces the most important penalty in a 10-year jail. Moreover, regulation enforcement carried out a search of the Vorz residence on August 6, 2025, seized the administration and administration of botnet infrastructure.
“Rapperbot, also called “Eleven Eleven Botnet” and “Cowbot” are botnets that compromise gadgets of scale by infecting gadgets comparable to digital video recorders (DVRs) and Wi-Fi routers with specialised malware,” DOJ mentioned.
“The wrapperbot purchasers are liable for issuing instructions to those contaminated sufferer gadgets and forcing them to ship a considerable amount of “distributed denied” (DDOS) site visitors to numerous sufferer computer systems and servers world wide. ”
Heavyly impressed by FBOT (aka Satori) and Mirai Botnets, Rapperbot is understood for its skill to infiltrate goal gadgets utilizing SSH or Telnet Brute-Power assaults and make use of them on malicious networks that may launch DDOS assaults. It was first revealed by Fortinet in August 2022, and an early marketing campaign was noticed till Could 2021.
In a 2023 report from Fortinet, DDOS Botnet particulars its enlargement into cryptojacking, excluding computational sources for compromised gadgets, and profited to illegally mine Monero and maximize its worth. Earlier this 12 months, Rapperbot was additionally concerned in DDOS assaults concentrating on Deepseek and X.
Foltz and his co-conspirators monetize the rapper bot by offering prospects with funds to the highly effective DDOS botnets used to hold out greater than 370,000 assaults, concentrating on 18,000 distinctive casualties in China, Japan, the US, Eire and Hong Kong from April to early August 2025.
Amazon Net Companies (AWS), one of many many corporations supporting the initiative, mentioned Rapperbot has contaminated greater than 45,000 gadgets in 39 nations, serving to to determine Rapperbot’s command and management (C2) infrastructure and reverse engineer IoT malware to map operations and actions.
Prosecutors additionally declare that the botnet consists of roughly 65,000-95,000 contaminated sufferer gadgets, eliminating DDOS assaults measured between 2-3 terabits per second (TBPS) and that the most important assaults are more likely to exceed 6 TBP. Moreover, the botnet is believed to have been used to hold out ransom DDOS assaults geared toward implementing victims.
The investigation tracked Botnet to Foltz after revealing IP handle hyperlinks to numerous on-line providers utilized by the defendants, together with PayPal, Gmail and Web Service suppliers. Foltz is alleged to have searched Google for references to “rapperbots” or “rapperbots” greater than 100 occasions.
The Rapperbot disruption is a part of Operation Poweroff, a unbroken worldwide effort designed to dismantle prison DDOS-For Rent infrastructure world wide.
