Hacker behind “Rapper Bot” DDoS-for-hire Botnet which carried out over 370,000 attacks arrested

News
By published

The person is looking at a 10-year prison sentence, if convicted.

Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
(Image credit: Getty Images)
  • A 22-year-old Ethan Foltz was recently arrested
  • He's being suspected of building, and renting, an enormous DDoS-for-hire botnet called Rapper Bot
  • Since the arrest, there were no reports of new Rapper Bot activity

A 22-year-old Alaskan man has been arrested under the suspicion of building, maintaining, and renting “one of the most sophisticated and powerful DDoS-for-hire botnets currently in existence” - the infamous “Rapper Bot”.

The US Department of Justice (DoJ) announced law enforcement agents raided the home of Ethan Foltz of Eugene, Oregon, who was apparently arrested, while Rapper Bot was seized and terminated.

The DoJ also claimed the raid a success, as “private sector partners have not reported any Rapper Bot attacks since”.

10 years in prison

Foltz is now suspected of developing and distributing a unique piece of malware that infected Digital Video Recorders (DVRS) and WiFi routers.

That malware allegedly granted him control over almost 100,000 devices, which he used to build a Distributed Denial of Service (DDoS) botnet.

Together with his alleged co-conspirators (who weren’t named in the announcement and were most likely not arrested), he sold access to that botnet, which various cybercriminals used to mount DDoS attacks against different entities, including government agencies, social media platforms, and US tech companies.

According to the criminal complaint, just between April 2025 and today, Rapper Bot was used in 370,000 attacks against 18,000 victims, located in 80 countries around the world.

US Attorney Michael J. Heyman for the District of Alaska described Rapper Bot as “one of the most powerful DDoS botnets to ever exist.” The attacks measured up to three terabits per second, and in some cases even exceeded six terabits per second.

The announcement also said that a single, 30-second DDoS attack could cost a business up to $10,000 in different costs, from lost revenue, disgruntled customers, to bandwidth usage costs, or the resources needed to respond to attacks.

Foltz is charged with one count of aiding and abetting computer intrusions, and if convicted, he could spend the next 10 years in prison.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.