
JackSkid
IoT botnet seized on 19 March 2026 alongside Kimwolf, Aisuru and Mossad in a coordinated infrastructure takedown.
Last refreshed: 29 May 2026 · Appears in 1 active topic
Was a JackSkid operator arrested alongside the Kimwolf botmaster in May 2026?
Timeline for JackSkid
Mentioned in: Kimwolf botmaster held over record DDoS
Cybersecurity: Threats and DefencesWhat is the JackSkid botnet?
Was the JackSkid operator arrested?
Background
JackSkid was among four IoT botnets whose infrastructure was seized on 19 March 2026 in a joint international law-enforcement operation targeting the DDoS-for-hire market. The four botnets seized simultaneously were Kimwolf, Aisuru, JackSkid and Mossad. The operation preceded the arrest of Jacob Butler ('Dort'), alleged Kimwolf operator, by two months, indicating a sequenced strategy of infrastructure disruption followed by operator prosecution.
JackSkid is an IoT-based DDoS botnet and stresser service built on enslaved consumer devices, primarily vulnerable home routers and IP cameras. The JackSkid name has been associated with underground DDoS-for-hire forums where capacity was rented to customers wishing to attack gaming infrastructure, financial services and other targets. Like other botnets in its peer group, JackSkid used credential-stuffing and known firmware exploits to enlist devices without user knowledge.
The bundling of JackSkid with three other botnets in a single seizure operation reflects law-enforcement awareness that the DDoS-for-hire market is fluid: operators collaborate, share infrastructure, and migrate capacity between named services. Dismantling multiple services simultaneously limits the ability of surviving operators to absorb displaced capacity.