Ethan Foltz, a 22-year-old from Oregon, faces charges from the U.S. Department of Justice (DoJ) for running the RapperBot botnet. This botnet has been used in over 370,000 DDoS-for-hire attacks against targets in more than 80 countries since 2021.
How RapperBot Botnet Targets Victims
RapperBot, also called Eleven Eleven Botnet and CowBot, infects devices like DVRs and Wi-Fi routers with malicious malware. Once these devices are compromised, they join a botnet capable of launching powerful DDoS attacks on computers and servers worldwide.
The DoJ has charged Foltz with one count of aiding and abetting computer intrusions. If convicted, he could face up to 10 years in prison. Law enforcement seized control of the botnet infrastructure after searching Foltz’s residence on August 6, 2025.
RapperBot’s Expansive Reach
Since its creation, RapperBot has conducted over 370,000 attacks, affecting 18,000 unique victims in countries including the U.S., Japan, China, Ireland, and Hong Kong. The attacks have reached 2 to 3 Terabits per second (Tbps), with the largest one estimated to exceed 6 Tbps. Additionally, the botnet has been used in ransom DDoS attacks, where attackers demand payment from victims.
RapperBot’s Operation and Expansion
RapperBot operates similarly to the fBot and Mirai botnets, gaining access to devices through SSH or Telnet brute-force attacks. After compromising the devices, the botnet uses them to launch DDoS attacks. Furthermore, RapperBot has evolved, branching out into cryptojacking, using infected devices to mine Monero.
Ongoing Efforts to Disrupt RapperBot
The disruption of RapperBot is part of Operation PowerOFF, an international initiative to dismantle DDoS-for-hire networks. With support from Amazon Web Services (AWS), authorities were able to identify and take control of the RapperBot command-and-control infrastructure.
Conclusion
The RapperBot botnet represents one of the largest DDoS botnets discovered in recent years. The botnet’s wide-reaching impact highlights the need for stronger cybersecurity measures and greater efforts to combat cybercrime botnets.
