- U.S. authorities have charged 22-year-old Ethan Foltz of Oregon with running the RapperBot DDoS-for-hire botnet.
- RapperBot compromised tens of thousands of devices worldwide, targeting victims in more than 80 countries since 2021.
- Law enforcement seized control of the botnet and found it enabled over 370,000 attacks, affecting about 18,000 unique victims.
- The botnet used infected devices to launch massive cyberattacks, some measuring up to 6 Terabits per second.
- The case is part of Operation PowerOFF, an international effort targeting DDoS-for-hire services around the world.
Federal prosecutors have charged Ethan Foltz, a 22-year-old from Eugene, Oregon, with allegedly operating and managing RapperBot, a distributed denial-of-service (DDoS)-for-hire botnet. Authorities stated Foltz created the service, which has conducted large-scale attacks against organizations worldwide since at least 2021.
According to the U.S. Department of Justice, law enforcement took control of RapperBot’s infrastructure after searching Foltz’s home on August 6, 2025. Prosecutors said RapperBot enabled more than 370,000 DDoS attacks targeting at least 18,000 unique victims in countries like China, Japan, the United States, Ireland, and Hong Kong from April to August 2025. If Foltz is convicted, he faces up to 10 years in prison.
The Department of Justice explained that RapperBot, also known as “Eleven Eleven Botnet” and “CowBot,” primarily infected devices such as DVRs and Wi-Fi routers by using specialized Malware. “Clients of RapperBot then issue commands to those infected victim devices, forcing them to send large volumes of ‘distributed denial-of-service’ (DDoS) traffic to different victim computers and servers located throughout the world,” officials said. The botnet was inspired by threats such as fBot (Satori) and Mirai, and broke into target equipment by brute-forcing logins over SSH or Telnet.
A Fortinet report from 2023 noted that RapperBot expanded its activities to include cryptojacking, using infected devices to mine Monero. The botnet has also targeted high-profile platforms, including DeepSeek and X.
Amazon Web Services (AWS) played a role in identifying the botnet, stating RapperBot infected over 45,000 devices in 39 countries. AWS helped locate RapperBot’s infrastructure and analyze its malware, revealing attacks that reached up to 6 Terabits per second. Prosecutors also linked between 65,000 and 95,000 devices to the botnet at its peak and cited evidence of ransom attacks intended to extort victims.
Investigators traced the botnet to Foltz using IP addresses connected to services like Paypal, Gmail, and his internet provider. They reported that Foltz searched for “RapperBot” or related terms over 100 times on Google.
The takedown is part of Operation PowerOFF, a global initiative to disrupt DDoS-for-hire operations.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Ark Invest Boosts Bullish, Robinhood Positions With Major Buys
- Morgan Stanley: Nvidia Is Most Underowned Big Tech Stock
- Lloyds Auctions 280+ Bitcoin Domains, Including BitcoinWallets.com
- Bearish Trends, Reluctant Banks Slow Ripple (XRP) Price and Adoption
- Top MSTR Influencer Sells, Calls Michael Saylor a “Liar”
