{
	"id": "e8fd14fa-601e-4bfc-82d2-0d578159274d",
	"created_at": "2026-04-06T00:17:45.293509Z",
	"updated_at": "2026-04-10T03:20:52.526302Z",
	"deleted_at": null,
	"sha1_hash": "19d16eae14efc343816cceb24b1924f62bbc01f9",
	"title": "Agents raid home of Kansas man seeking info on botnet that infected DOD network",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 186421,
	"plain_text": "Agents raid home of Kansas man seeking info on botnet that\r\ninfected DOD network\r\nBy Catalin Cimpanu\r\nPublished: 2022-12-09 · Archived: 2026-04-05 21:10:57 UTC\r\nUS military investigators have raided the home of a Kansas man, looking for information about a crypto-mining\r\nbotnet that has infected US Air Force servers.\r\nThe raid is related to a November 2020 security breach that impacted the US Air Force Office of Special\r\nInvestigations (OSI), the Air Force's internal law enforcement agency.\r\nOn November 16, 2020, OSI said one of its engineers found a cryptominer on one of its servers during a routine\r\nmaintenance operation.\r\nThe crypto-mining malware, which was running at full capacity, had blocked the server altogether, leaving it\r\nunable to process valid requests.\r\nOSI investigators identified the malware as a version of the Outlaw botnet [1, 2, 3], also known as PerlBot or\r\nShellBot. They also tracked down an IP address that had attempted to connect to the OSI server 38 times in what\r\nAir Force investigators called an SSH brute-force attack.\r\nUsing a subpoena, OSI traced the IP address at the time of the attacks to a Raspberry Pi device running the\r\nRaspbian OS, on a Google Fiber account, and a residential address in the city of Olathe, Kansas.\r\nOn May 4, law enforcement agents raided the Olathe home, where they seized several computers, an iPhone,\r\nand five Raspberry Pi devices.\r\nhttps://therecord.media/agents-raid-home-of-kansas-man-seeking-info-on-botnet-that-infected-dod-network/\r\nPage 1 of 3\n\nWhile court documents shared by a source with The Record include the homeowner's name, a DevOps engineer\r\nwith government contractor NIC, we will not be naming the man for this article.\r\nDue to how most crypto-mining botnets are designed today, it is unclear if the man was operating the botnet or if\r\ntheir device was merely infected with the Outlaw malware, which then abused the Raspberry Pi system 
to carry\r\nout brute-force attacks without the owner's knowledge, in attempts to find new systems to infect.\r\nAir Force investigators are currently forensically searching the seized devices for evidence that the man was\r\noperating the botnet.\r\nOSI officials have not filed formal charges against the Kansas man.\r\nSecond incident of its kind\r\nThe November 2020 incident is the second time that a cryptocurrency mining botnet has infected a part of the\r\nDepartment of Defense (DOD) network.\r\nA first case was reported via the DOD's bug bounty program in February 2020. At the time, a bug hunter found\r\nthat a crypto-miner botnet had used a misconfigured Jenkins automation server to plant its malicious scripts on\r\nAmazon web servers managed by the DOD.\r\nCatalin Cimpanu\r\nis a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement\r\nactions against hackers.\r\nSource: https://therecord.media/agents-raid-home-of-kansas-man-seeking-info-on-botnet-that-infected-dod-network/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://therecord.media/agents-raid-home-of-kansas-man-seeking-info-on-botnet-that-infected-dod-network/"
	],
	"report_names": [
		"agents-raid-home-of-kansas-man-seeking-info-on-botnet-that-infected-dod-network"
	],
	"threat_actors": [],
	"ts_created_at": 1775434665,
	"ts_updated_at": 1775791252,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/19d16eae14efc343816cceb24b1924f62bbc01f9.pdf",
		"text": "https://archive.orkl.eu/19d16eae14efc343816cceb24b1924f62bbc01f9.txt",
		"img": "https://archive.orkl.eu/19d16eae14efc343816cceb24b1924f62bbc01f9.jpg"
	}
}