The U.S. Department of Justice has charged the alleged developer and administrator of the RapperBot DDoS botnet, which was rented out to cybercriminals. The botnet itself was seized by law enforcement in early August as part of Operation PowerOff.
RapperBot (also known as Eleven Eleven and CowBot) was first discovered by Fortinet analysts in August 2021. At the time, it was reported that this Mirai-based botnet had been active since May 2021 and had infected tens of thousands of digital video recorders (DVRs) and routers.
The DDoS attacks carried out with its help had capacities ranging from 2 to 6 Tbps. In addition, in 2023 RapperBot was equipped with a cryptocurrency mining module, as its operator sought to diversify revenue streams and increase profits from compromised devices.
As the U.S. Department of Justice now reports, RapperBot was used to attack more than 18,000 targets in 80 countries worldwide, including U.S. government systems, major media platforms, and gaming and technology companies.
Amazon Web Services (AWS), which helped law enforcement track the botnet’s command infrastructure and provided information, reports that since April 2025 alone, RapperBot has carried out more than 370,000 attacks. The power of these attacks, which involved over 45,000 compromised devices across 39 countries, at times exceeded one billion packets per second (PPS).
Such attacks could cost victims thousands of U.S. dollars, even if they were short-lived, and often went hand in hand with extortion, the Justice Department notes.
“The indictment details that a DDoS attack with an average bandwidth of over two terabits per second, lasting 30 seconds, could cost a victim between $500 and $10,000,” the U.S. Department of Justice reports. “It is also known that some RapperBot clients engaged in extortion, using the botnet’s DDoS attacks to obtain money from victims.”
Charges of creating a botnet have now been filed against 22-year-old Ethan Foltz (Ethan Foltz) from the state of Oregon. He is believed to have created RapperBot and rented the botnet out to other threat actors who attacked various organizations.
Foltz has been charged with aiding and abetting computer crimes, which carries a maximum penalty of up to 10 years in prison if he is convicted. However, Foltz is currently free: he was served a summons requiring him to appear in court on a specified date.