The US Department of Justice (DOJ) on Tuesday announced charges against a US national for his alleged role in operating a distributed denial-of-service (DDoS) botnet.
The man, Ethan Foltz, 22, of Eugene, Oregon, was the alleged administrator of the botnet known as RapperBot, Eleven Eleven Botnet, and CowBot, which abused ensnared IoT devices, mainly DVR devices and Wi-Fi routers, to launch massive DDoS attacks against victims in more than 80 countries.
According to the indictment, Foltz and his co-conspirators sold access to the botnet’s capabilities. Between April and August 2025, RapperBot was allegedly used to launch over 370,000 DDoS attacks against 18,000 unique victims.
A US government network, US tech companies, and a social media platform were among the targeted organizations, documents presented in court show.
RapperBot is estimated to have been regularly abusing between 65,000 and 95,000 infected devices to launch attacks of roughly 2-3 terabits per second (Tbs). One of the largest RapperBot attacks allegedly peaked at 6 Tbs.
The botnet was first detailed in 2022, when FortiGuard Labs warned that, although it was based on Mirai code, it had credential brute-forcing capabilities, was targeting SSH servers, and contained a persistence mechanism.
The Justice Department says RapperBot was disrupted in early August, following the execution of a search warrant on Foltz’s residence in Oregon, which provided law enforcement with administrative control of the botnet.
Foltz has been charged with aiding and abetting computer intrusions and faces up to 10 years in prison if found guilty.
“Rapper Bot was one of the most powerful DDoS botnets to ever exist, but the outstanding investigatory work by DCIS cyber agents and support of my office and industry partners has put an end to Foltz’s time as administrator and effectively disrupted the activities of this transnational criminal group,” US Attorney Michael J. Heyman for the District of Alaska said.
RapperBot’s takedown, the DOJ says, was conducted in conjunction with Operation PowerOFF, an international law enforcement effort that previously led to the disruption of dozens of DDoS-for-hire services, including DigitalStress, Stresser.tech, Neostress, Webstresser, and many others.
Related: Archetyp Dark Web Market Shut Down by Law Enforcement
Related: Google Sues Operators of 10-Million-Device Badbox 2.0 Botnet
Related: New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices
Related: Prometei Botnet Activity Spikes
