A 22-year-old man from Oregon, USA, has been charged with developing and overseeing a dispersed refusal (DDOS)-Hire Botnet, known as Rapperbot.
Ethan Foltz of Eugene, Oregon, has been identified as the administrator of the service, the U.S. Department of Justice (DOJ) said. Botnets have been used since at least 2021 to carry out large-scale DDOS-For Hire attacks targeting victims in more than 80 countries.
Foltz is being charged with a single count of aiding in breaking into a computer. If convicted, he faces the biggest penalty in a 10-year prison. Additionally, law enforcement conducted a search of the Vorz residence on August 6, 2025, seized the management and management of botnet infrastructure.
“Rapperbot, also known as “Eleven Eleven Botnet” and “Cowbot” are botnets that compromise devices of scale by infecting devices such as digital video recorders (DVRs) and Wi-Fi routers with specialized malware,” DOJ said.
“The wrapperbot clients are responsible for issuing commands to these infected victim devices and forcing them to send a large amount of “distributed denied” (DDOS) traffic to various victim computers and servers around the world. ”
Heavyly inspired by FBOT (aka Satori) and Mirai Botnets, Rapperbot is known for its ability to infiltrate target devices using SSH or Telnet Brute-Force attacks and employ them on malicious networks that can launch DDOS attacks. It was first published by Fortinet in August 2022, and an early campaign was observed until May 2021.
In a 2023 report from Fortinet, DDOS Botnet details its expansion into cryptojacking, excluding computational resources for compromised devices, and profited to illegally mine Monero and maximize its value. Earlier this year, Rapperbot was also involved in DDOS attacks targeting Deepseek and X.
Foltz and his co-conspirators have been accused of monetizing the rapper bot by providing customers with payments to the powerful DDOS botnet, which is used to carry out over 370,000 attacks, targeting 18,000 unique casualties in China, Japan, Ireland and Hong Kong from April to early August 2025.
Prosecutors also claim that the botnet consists of approximately 65,000-95,000 infected victim devices, eliminating DDOS attacks measured between 2-3 terabits per second (TBPS) and that the largest attacks are likely to exceed 6 TBP. Furthermore, the botnet is believed to have been used to carry out ransom DDOS attacks aimed at enforcing victims.
The investigation tracked Botnet to Foltz after revealing IP address links to various online services used by the defendants, including PayPal, Gmail and Internet Service providers. Foltz is said to have searched Google for references to “rapperbots” or “rapperbots” more than 100 times.
The Rapperbot disruption is part of Operation Poweroff, a continuing international effort designed to dismantle criminal DDOS-For Hire infrastructure around the world.
Source link
