
Aisuru
IoT botnet seized on 19 March 2026 alongside Kimwolf, JackSkid and Mossad in a coordinated infrastructure takedown.
Last refreshed: 29 May 2026 · Appears in 1 active topic
Was anyone arrested for operating the Aisuru botnet after the March 2026 seizure?
Timeline for Aisuru
Mentioned in: Kimwolf botmaster held over record DDoS
Cybersecurity: Threats and DefencesWhat is the Aisuru botnet?
Was the Aisuru botnet linked to Jacob Butler?
How do IoT botnets like Aisuru recruit devices?
Background
Aisuru was one of four IoT botnets whose infrastructure was seized in a joint law-enforcement operation on 19 March 2026, alongside Kimwolf, JackSkid and Mossad. The seizure preceded the May 2026 arrest of Jacob Butler ('Dort'), alleged operator of the Kimwolf network, suggesting co-ordinated international disruption of the IoT DDoS-for-hire ecosystem. Aisuru's infrastructure was taken down as part of the same operation, though no separate operator arrest was announced at the time of reporting.
Aisuru is an IoT botnet family built on enslaved consumer devices — primarily routers, cameras and digital-video recorders vulnerable to default-credential exploitation or unpatched firmware. The name 'Aisuru' (from the Japanese verb 'to love') was used by operators to brand their DDoS-for-hire stresser service. Like Kimwolf, Aisuru operates by recruiting vulnerable IoT devices into a botnet and renting DDoS capacity to paying customers targeting gaming servers, financial services and critical infrastructure.
The concurrent March 2026 seizure of four botnet infrastructures illustrates the law-enforcement strategy of disrupting the DDoS-for-hire market wholesale rather than pursuing individual operators serially. Infrastructure seizures degrade botnet capacity temporarily but have historically had limited lasting effect without operator arrests; the Butler arrest two months later signals that infrastructure seizure was the first phase of a broader prosecution strategy.