Your home router, security camera, or DVR may have spent the last several months helping criminals attack hospitals, businesses, and even U.S. military systems — without you ever knowing it happened.
On March 19, 2026, the FBI and law enforcement agencies from the US, Germany, and Canada shut down four massive criminal networks made up almost entirely of ordinary home and small-business devices. The devices weren’t stolen. They were hijacked — quietly, invisibly — while sitting in your living room or utility closet, blinking their little green lights like nothing was wrong.
Here’s what actually happened, how to find out if your devices were involved, and what to do about it.
What Happened — In Plain English
Hackers built what’s called a “botnet” — a secret army of compromised devices they control remotely. But instead of using powerful computers, they built their armies out of millions of cheap, easy-to-hack devices: home DVRs, security cameras, and WiFi routers.
Why those devices? Because they’re everywhere, they’re almost never updated, and most people never check them for problems. They sit on your network doing their job — recording footage, routing your internet — while silently doing the hackers’ dirty work in the background.
These four botnet networks — named Aisuru, KimWolf, JackSkid, and Mossad by researchers — had infected more than 3 million devices worldwide, including hundreds of thousands in the United States. The criminals rented out access to this army of hijacked devices to other criminals, who used them to launch overwhelming cyberattacks — called DDoS attacks — against businesses and organizations.
The attacks were measured at up to 30 terabits per second. To put that in perspective: it’s like three million fire hoses pointed at a single building simultaneously. Websites go down. Businesses lose money. In some cases, victims were extorted: pay up, or we keep the attack running.
Law enforcement shut the operation down by seizing the criminal servers that controlled all those infected devices. The criminals can no longer send commands to your devices. But here’s the important part: the criminals’ servers are gone, but the infection on your device may still be there.
Which Devices Were Targeted
The botnets specifically went after:
- Home DVRs (the boxes that record footage from your security cameras)
- IP security cameras (the kind that connect to your WiFi or home network)
- WiFi routers (your home internet router, especially older models)
These devices are targeted because they tend to run outdated software, face the internet directly, and are almost never checked by their owners. If you have any of these devices — especially older ones from brands like Hikvision, Dahua, TP-Link, Netgear, D-Link, or similar — pay attention to the next section.
How to Tell If Your Device Was Infected
You probably won’t find a smoking gun, but here are the signs worth checking:
Your internet feels slower than usual. When a device is part of a botnet attack, it uses your internet bandwidth without you knowing. If your connection has been sluggish for no obvious reason, that’s worth investigating.
Your router or DVR is running unusually hot. Devices participating in attacks work hard. If something feels warmer than it should, that’s a sign of unusual activity.
Your router’s admin page shows unknown connected devices. Log into your router (usually 192.168.1.1 or 192.168.0.1 in a browser — check the label on the bottom of your router). Look at the list of connected devices. See anything you don’t recognize?
Your device’s firmware hasn’t been updated in years. Most botnet infections exploit old, unpatched vulnerabilities. If your DVR or camera is running software from 2020 or earlier, it was almost certainly vulnerable.
You’re using default passwords. If you never changed the username and password on your router, camera, or DVR from the factory default (admin/admin, admin/password, or whatever came on the box), your device was an easy target.
If any of these apply, treat your device as potentially compromised.
What to Do RIGHT NOW
Don’t panic — but do act. Here’s the order of operations:
1. Change your passwords immediately. Log in to your router, DVR, and cameras and change the admin password to something strong and unique. This alone blocks the most common reinfection methods.
2. Reboot your router and DVR. A reboot clears some types of infection from memory. It’s not a complete fix, but it’s a fast first step. Unplug, wait 30 seconds, plug back in.
3. Update the firmware. Check the manufacturer’s website for your device model and install the latest update. This patches the vulnerabilities the botnet used to get in. If your device no longer receives updates, it needs to be replaced — it will keep getting reinfected.
4. Factory reset if you’re unsure. If your device has been behaving strangely, do a factory reset and set it up fresh with a strong password and current firmware.
5. Check if your brand was flagged. Common botnet targets include older TP-Link routers, Hikvision and Dahua IP cameras, and generic DVR brands. Search “[your device brand] botnet 2026” to see if your model was specifically named.
How to Protect Your Devices Going Forward
Keep firmware updated. Set a calendar reminder every three months to check for updates on your router, cameras, and DVR. Takes five minutes. Closes a huge attack surface.
Change default credentials on every new device. Before you even set up a new smart device, change the username and password. Every device. Every time.
Segment your IoT devices onto a separate network. Most modern routers support a guest network or IoT VLAN. Put your cameras, DVR, and smart home devices on a separate network from your computers and phones. If a camera gets compromised, it can’t reach your laptop.
Replace old devices. If your device is more than 5-7 years old and the manufacturer no longer issues updates, it’s a liability. The $60 replacement cost is much cheaper than a compromised network.
The Bottom Line
Your home devices are valuable targets — not because of the data on them, but because of the internet connection they sit on. Criminals don’t care about your DVR footage. They care that your DVR can be turned into a weapon.
Law enforcement just took out four of the biggest criminal networks using these devices. The bad news: the next botnet is already being built, targeting the same unpatched devices sitting on the same home networks.
The only reliable defense is the boring stuff: updated firmware, strong passwords, and devices you replace before they’re ancient.
Want the full technical breakdown of how Operation PowerOFF went down? Read our detailed coverage at Breached Company.
