A 22-year-old hacker was charged in the US for allegedly creating and operating a powerful botnet-for-hire service known as “Rapper Bot,” which authorities say was responsible for hundreds of thousands of large-scale cyberattacks worldwide since 2021.
According to court documents, Ethan Foltz was identified as the primary administrator of the botnet, also known as “Eleven Eleven Botnet” and “CowBot.” The operation targeted and infected internet-connected devices such as digital video recorders (DVRs) and Wi-Fi routers, using them to launch distributed denial-of-service (DDoS) attacks on victims across more than 80 countries.
Federal investigators allege that Foltz and co-conspirators sold access to the botnet to paying clients, who used it to carry out over 370,000 DDoS attacks between April 2025 and the present. Targets included a US government network, a major social media platform, and numerous American tech companies.
The botnet reportedly harnessed between 65,000 and 95,000 infected devices at a time, generating attack volumes that typically reached two to three terabits per second, with some attacks possibly exceeding six terabits per second. Investigators confirmed that at least five of the compromised devices were located in Alaska.
The attacks caused significant financial damage, costing victims from hundreds to tens of thousands of dollars per incident. Some clients of Rapper Bot allegedly used the service to extort targets by threatening or launching attacks.
On August 6, 2025, federal agents executed a search warrant at Foltz’s Oregon residence. They successfully shut down Rapper Bot’s operations and transferred control of the botnet to the Defense Criminal Investigative Service (DCIS).
Foltz has been charged with one count of aiding and abetting computer intrusions. If convicted, he faces up to 10 years in federal prison.