Oregon Man Charged in Massive DDoS-for-Hire Botnet Case

Key takeaways:

  • Ethan Foltz, 22, from Oregon, has been charged with running Rapper Bot, also known as Eleven Eleven Botnet or CowBot, one of the largest and most aggressive DDoS-for-hire services in recent years.
  • The botnet allegedly compromised up to 95,000 IoT devices—including Wi-Fi routers and DVRs—launching more than 370,000 attacks on 18,000 victims across 80 countries.
  • Targets included U.S. government networks, the social media platform X, AI company DeepSeek, and online gambling operators, with some attacks linked to extortion schemes.
  • Investigators say the botnet generated sustained traffic of 2–3 terabits per second and at times peaked above 6 terabits per second, overwhelming even major technology infrastructures.
  • Law enforcement seized control of the botnet on August 6, 2025, with help from AWS, Cloudflare, Google, PayPal, and other partners.

Federal prosecutors have accused Ethan Foltz of Eugene, Oregon, of running one of the most powerful distributed denial-of-service networks ever seen. The Department of Justice alleges that Foltz was the administrator behind Rapper Bot, a DDoS-for-hire operation active since at least 2021. The botnet, also referred to as Eleven Eleven Botnet or CowBot, was able to marshal tens of thousands of compromised devices into coordinated cyberattacks.

Authorities say that between April and early August 2025 alone, the botnet carried out more than 370,000 separate attacks, hitting roughly 18,000 targets in more than 80 countries. Victims reportedly included U.S. government systems, technology platforms such as X, and artificial intelligence firms like DeepSeek. Some gambling websites were also attacked, with extortion demands linked to the disruption.

The scale of these assaults set Rapper Bot apart. Investigators documented average traffic levels of 2 to 3 terabits per second, already sufficient to overwhelm many enterprise systems. In some cases, attacks spiked beyond 6 terabits per second, levels usually seen only in the most extreme global incidents. Officials said even a 30-second surge at that magnitude could inflict damages measured in thousands of dollars, leaving businesses under pressure to comply with ransom demands.

On August 6, 2025, law enforcement executed a search warrant at Foltz’s home in Eugene. During questioning, he admitted being the primary administrator of the botnet and turned over credentials to investigators. Prosecutors said he also identified a co-conspirator known online as “SlayKings.” With Foltz in custody, officials took over command of the botnet, effectively dismantling it.

The operation drew support from private-sector companies including AWS, Cloudflare, Google, and PayPal. Their involvement reflects the growing trend of cooperation between government and industry in efforts to combat global cybercrime. The case was brought in the U.S. District Court for the District of Alaska as part of Operation PowerOFF, an international law enforcement initiative targeting DDoS-for-hire services.

Foltz is charged with aiding and abetting computer intrusions. If convicted, he faces a maximum sentence of 10 years in federal prison. The Justice Department noted that while dismantling the botnet removes a serious threat, the incident highlights the continuing risks posed by vulnerable connected devices and the criminal markets that exploit them.

This case underscores how relatively inexpensive and widely available IoT devices can be weaponized at scale, and why cybersecurity practices and coordinated enforcement remain central to defending networks from future botnet campaigns.


Rich Tehrani serves as CEO of TMC and chairman of ITEXPO #TECHSUPERSHOW Feb 10-12, 2026 and is CEO of RT Advisors and is a Registered Representative (investment banker) with and offering securities through Four Points Capital Partners LLC (Four Points) (Member FINRA/SIPC). He handles capital/debt raises as well as M&A. RT Advisors is not owned by Four Points.

The above is not an endorsement or recommendation to buy/sell any security or sector mentioned. No companies mentioned above are current or past clients of RT Advisors.

The views and opinions expressed above are those of the participants. While believed to be reliable, the information has not been independently verified for accuracy. Any broad, general statements made herein are provided for context only and should not be construed as exhaustive or universally applicable.

Portions of this article may have been developed with the assistance of artificial intelligence, which may have contributed to ideation, content generation, factual review, or editing.


 
