US Authorities Dismantle Rapper Bot, One of the Largest DDoS-for-Hire Networks
US prosecutors have charged 22-year-old Ethan Foltz of Eugene, Oregon, with operating Rapper Bot, a massive botnet-for-hire that law enforcement says powered hundreds of thousands of distributed denial-of-service (DDoS) attacks worldwide. The takedown occurred on August 6, when agents raided Foltz’s home and seized the botnet’s infrastructure under the international Operation PowerOff.
Authorities said Rapper Bot relied on tens of thousands of infected IoT devices, including home routers and DVRs, to generate traffic at an unprecedented scale. According to prosecutors, the network typically launched attacks of two to three terabits per second, with its largest strike allegedly exceeding six terabits per second. Since April, the botnet has carried out more than 370,000 attacks against 18,000 unique victims in over 80 countries.
Michael Heyman, US Attorney in Alaska, described Rapper Bot as “one of the most powerful DDoS botnets to ever exist,” adding that “the outstanding investigatory work by DCIS cyber agents and support of my office and industry partners has put an end to Foltz’s time as administrator.” Investigators said victims included US government agencies, technology companies, social media platforms, and defense contractors, with some attacks used for extortion.
The botnet, also known as Eleven Eleven and CowBot, was built on Mirai malware and later expanded to include cryptomining features. AWS confirmed it helped reverse engineer the malware and identify its command-and-control systems, working alongside Akamai, Cloudflare, Google, and other industry partners to dismantle the infrastructure. DCIS Special Agent in Charge Kenneth DeChellis said Rapper Bot posed “a direct threat” to the Department of Defense.
Foltz faces one count of aiding and abetting computer intrusions, an offense that carries up to ten years in prison. Prosecutors noted that a 30-second strike averaging two terabits per second could cost victims anywhere from $500 to $10,000, underscoring the financial damage caused by these on-demand attacks. Since the seizure, Rapper Bot has gone silent, and investigators believe no backup servers remain online.