Global Crackdown Dismantles 4 Botnets Behind Major DDoS Attacks Global crackdown dismantles Aisuru, KimWolf, JackSkid and Mossad botnets behind major DDoS attack campaigns targeting millions of devices worldwide.

📢 Global crackdown dismantles Aisuru, KimWolf, JackSkid, and Mossad botnets behind major DDoS attack campaigns targeting millions of devices worldwide.

Read: hackread.com/crackdown-di...

#CyberSecurity #CyberCrime #DDoS #Mossad #Aisuru #Botnet

📰 Operasi Internasional Lumpuhkan Jaringan Botnet DDoS Terbesar di Dunia

👉 Baca artikel lengkap di sini: ahmandonk.com/2026/03/22/operasi-inter...

#aisuru #akamai #beritaTeknologi #botnetDdos #fbi #jackskid #keamananSiber #kimwolf #mossad

US Takes Down Botnets Used in Record-Breaking Cyberattacks The Aisuru, Kimwolf, JackSkid, and Mossad botnets had infected more than 3 million devices in total, many inside home networks, according to the US Justice Department.

US Takes Down Botnets Used in Record-Breaking Cyberattacks

www.wired.com/story/us-takes-down-botn...

#botnet #cybersecurity #Aisuru #Kimwolf #JackSkid #Mossad

Sicherheitsbehörden in Nordamerika und Deutschland haben mit Aisuru und Kimwolf zwei der weltweit größten Botnetze zerschlagen. Die Botschaft ist klar: Internationale Zusammenarbeit der Behörden kann auch im Cyberraum spürbare Wirkung entfalten. #DDoS #CyberCrime #Aisuru #Kimwolf

Original post on cyberscoop.com

Justice Department disrupts botnet networks that hijacked 3 million devices The Aisuru, Kimwolf, JackSkid and Mossad botnets enabled cybercriminals to initiate thousands of attacks. A crackdown tar...

#Cybercrime #Cybersecurity #Government #Research #Threats […]

[Original post on cyberscoop.com]

International joint action disrupts world’s largest DDoS botnets U.S., German, and Canadian authorities dismantled command-and-control infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets that had infected millions of IoT devices and launched hundreds of thousands of DDoS attacks. The takedown targeted virtual servers, domains, and other resources after record-setting assaults — including Aisuru's 31.4 Tbps, 200 million RPS attack — to prevent further infections and attacks on victims such as the Department of Defense Information Network. #Aisuru #DoDIN

U.S., German, and Canadian authorities dismantled command centers of Aisuru, KimWolf, JackSkid, and Mossad botnets that infected millions of IoT devices and launched massive DDoS attacks, including a record 31.4 Tbps strike. #Aisuru #DDoSAttack

Original post on securityweek.com

Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation The lesser-known JackSkid and Mossad botnets have also been targeted in the operation. The post Aisuru and Kimwolf DDoS Botnets ...

#Cybercrime #IoT #Security #Tracking #& #Law […]

[Original post on securityweek.com]

Original post on infosec.exchange

One custom RC4 seed led us to four botnets, five C2 channels, and a developer who shipped their Windows username and Cursor IDE logs with their malware.

Equal parts cryptography, thread-pulling, and easter eggs […]

AISURU/Kimwolf botnet launches record-breaking 31.4 Tbps DDoS attack, highlighting the escalating scale of cyber threats. #CyberSecurity #DDoS #AISURU #Kimwolf #Cloudflare #Google Link: thedailytechfeed.com/aisuru-kimwo...

Aisuru botnet sets new record with 31.4 Tbps DDoS attack The Aisuru/Kimwolf botnet launched a new massive distributed denial of service (DDoS) attack in December 2025, peaking at 31.4 Tbps and 200 million requests per second.

#Aisuru #botnet sets new record with 31.4 Tbps #DDoS attack

www.bleepingcomputer.com/news/security/aisuru-bot...

#cybersecurity

Aisuru botnet breaks DDoS record with 31.4 Tbps attack The Aisuru/Kimwolf botnet has set a new record with a DDoS attack of 31.4 Tbps and 200 million requests per second. The attack took place on D...

#Security #Aisuru #botnet #Cloudflare #cybersecurity #DDos #Kimwolf

Origin | Interest | Match

Researchers Disrupt Major Botnet Network After It Infects Millions of Android Devices   Security researchers have dismantled a substantial portion of the infrastructure powering the Kimwolf and Aisuru botnets, cutting off communication to more than 550 command-and-control servers used to manage infected devices. The action was carried out by Black Lotus Labs, the threat intelligence division of Lumen Technologies, and began in early October 2025. Kimwolf and Aisuru operate as large-scale botnets, networks of compromised devices that can be remotely controlled by attackers. These botnets have been used to launch distributed denial-of-service attacks and to route internet traffic through infected devices, effectively turning them into unauthorized residential proxy nodes. Kimwolf primarily targets Android systems, with a heavy concentration on unsanctioned Android TV boxes and streaming devices. Prior technical analysis showed that the malware is delivered through a component known as ByteConnect, which may be installed directly or bundled into applications that come preloaded on certain devices. Once active, the malware establishes persistent access to the device. Researchers estimate that more than two million Android devices have been compromised. A key factor enabling this spread is the exposure of Android Debug Bridge services to the internet. When left unsecured, this interface allows attackers to install malware remotely without user interaction, enabling rapid and large-scale infection. Follow-up investigations revealed that operators associated with Kimwolf attempted to monetize the botnet by selling access to the infected devices’ internet connections. Proxy bandwidth linked to compromised systems was offered for sale, allowing buyers to route traffic through residential IP addresses in exchange for payment. Black Lotus Labs traced parts of the Aisuru backend to residential SSH connections originating from Canadian IP addresses. These connections were used to access additional servers through proxy infrastructure, masking malicious activity behind ordinary household networks. One domain tied to this activity briefly appeared among Cloudflare’s most accessed domains before being removed due to abuse concerns. In early October, researchers identified another Kimwolf command domain hosted on infrastructure linked to a U.S.-based hosting provider. Shortly after, independent reporting connected multiple proxy services to a now-defunct Discord server used to advertise residential proxy access. Individuals associated with the hosting operation were reportedly active on the server for an extended period. During the same period, researchers observed a sharp increase in Kimwolf infections. Within days, hundreds of thousands of new devices were added to the botnet, with many of them immediately listed for sale through a single residential proxy service. Further analysis showed that Kimwolf infrastructure actively scanned proxy services for vulnerable internal devices. By exploiting configuration flaws in these networks, the malware was able to move laterally, infect additional systems, and convert them into proxy nodes that were then resold. Separate research uncovered a related proxy network built from hundreds of compromised home routers operating across Russian internet service providers. Identical configurations and access patterns indicated automated exploitation at scale. Because these devices appear as legitimate residential endpoints, malicious traffic routed through them is difficult to distinguish from normal consumer activity. Researchers warn that the abuse of everyday consumer devices continues to provide attackers with resilient, low-visibility infrastructure that complicates detection and response efforts across the internet.

Researchers Disrupt Major Botnet Network After It Infects Millions of Android Devices #Aisuru #Android #Botnets

Who Benefited from the Aisuru and Kimwolf Botnets? Our first story of 2026 revealed how a destructive new botnet called Kimwolf rapidly grew to infect more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left…

Who Benefited from the #Aisuru and #Kimwolf Botnets?

krebsonsecurity.com/2026/01/who-benefited-fr...

#botnet #cybersecurity

The Kimwolf Botnet is Stalking Your Local Network The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date.

Happy 16th Birthday, KrebsOnSecurity.com! KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services.

Original post on securityaffairs.com

Massive Android botnet Kimwolf infects millions, strikes with DDoS The Kimwolf Android botnet has infected 1.8M+ devices, launching massive DDoS attacks and boosting its C&C domain, says XLab. ...

#Breaking #News #Cyber #Crime #Malware #Aisuru #Android […]

[Original post on securityaffairs.com]

Aisuru Botnet Unleashes Record 29.7 Tbps DDoS Attack  A new record-breaking 29.7 Tbps distributed denial-of-service (DDoS) attack launched via the Aisuru botnet has set a new standard for internet disruption and reinforced that multi-terabit attacks are on track to soon be an everyday event for DDoS defenders. According to Cloudflare’s latest DDoS threats report, Aisuru launched an intense hyper-volumetric DDoS on a network layer with traffic that reached 29.7 Tbps and 14.1 billion packets per second, reaching new heights beyond previous records that topped 22 Tbps.  The DDoS attack employed a UDP ‘carpet bombing’ technique that targeted 15,000 destination ports every second with random packet components constantly varying so as not to get filtered out at traditional scrubbing centers. Despite these efforts, Cloudflare reports that Aisuru traffic took mere seconds for an autonomous mitigation system to identify and remove.  Behind the incident is a botnet Cloudflare now estimates at 1 million to 4 million compromised devices, making Aisuru the biggest DDoS botnet in active circulation. Since the start of 2025, Cloudflare has mitigated 2,867 Aisuru incidents, with 1,304 hyper-volumetric attacks in the third quarter alone - a 54% quarter-over-quarter increase that equates to about 14 mega-events a day. Segments of the botnet are openly leased as "chunks", allowing buyers to rent enough power to take down backbone connections or perhaps even national ISPs for mere hundreds or thousands of dollars apiece. Cloudflare thwarted a total of 8.3 million DDoS attacks in the third quarter of 2025, a 15% increase from the prior quarter and 40% year-over-year, while marking the 2025 year-to-date total at 36.2 million - already 170% of all attacks recorded in 2024 and still one full quarter away.  About 71% of Q3 attacks were network-layer traffic, which soared 87% QoQ and 95% YoY, while HTTP-layer events fell 41% QoQ and 17% YoY, indicating a strategic swing back to pure bandwidth and transport-layer exhaustion. The extremes are picked up the most: incidents over 100 Mpps jumped 189% QoQ, and those above 1 Tbps increased by 227%, though many ended within 10 minutes, too late for any effective intervention by manual actions or DDoS-on-demand mitigation programs. Collateral damage continues to escalate as well. KrebsOnSecurity reports Aisuru-driven traffic has already caused severe outages at U.S. internet services not targeted as main victims. Cloudflare data shows Aisuru and actors like it have targeted telecoms, gaming, hosting, and financial services intensely. Information Technology and Services, telecoms, gambling and casinos are among the toughest hit sectors in Q3.  Geopolitics and societal unrest are increasingly reflected in attack behavior. DDoS traffic against generative AI service providers jumped as high as 347% month-over-month in September, and DDoS attacks on mining, minerals and metals, and autos failed to lag as tensions escalated involving EV tariffs and China and the EU. Indonesia continues as source number one for DDoS traffic, registering an astonishing 31,900% increase in HTTP DDoS requests since 2021, and there were sharp increases in Q3 2025 for the Maldives, France, and Belgium, reflecting massive protests and worker walkouts. China stayed the most‑targeted country, followed by Turkey and Germany, with the United States climbing to fifth and the Philippines showing the steepest rise within the top 10, underscoring how modern DDoS campaigns now track political flashpoints, public anger, and regulatory fights over AI and trade almost in real time.

Aisuru Botnet Unleashes Record 29.7 Tbps DDoS Attack #Aisuru #Botnet #Cloudfare

a diagram of how a ddos attack works with a blue background ALT: a diagram of how a ddos attack works with a blue background

Riesiges Botnetz attackiert mit beispielloser Datenflut
glm.io/202900?n #Cybercrime #Botnetz #Aisuru #DDOS

Riesiges Botnetz attackiert mit beispielloser Datenflut
https://glm.io/202900?n #Cybercrime #Botnetz #Aisuru #DDOS

Cloudflare mitigates record-breaking 29.7 Tbps DDoS attack from AISURU botnet, highlighting the escalating scale of cyber threats. #CyberSecurity #DDoS #AISURU #Cloudflare Link: thedailytechfeed.com/cloudflare-m...

Cette immense armée de bots a manqué l'un des plus gros coups cyber de tous les temps Le 3 décembre 2025, Cloudflare a publié son rapport trimestriel sur les menaces liées aux attaques DDoS. L'occasion pour l'entreprise américaine de revenir sur une opération menée par l'immense botnet...

En 3 mois, cette immense armée zombie aurait mené plus de 1 300 attaques DDoS.
L’une d’elles menée par l’immense botnet #Aisuru,
aurait établi un nouveau record 🌎 atteignant un pic fulgurant de 29,7 térabits/sec
L’opération n’a duré que 69 secondes!

www.numerama.com/cyberguerre/...

Cloudflare Blocks Aisuru Botnet Powered Largest Ever 29.7 Tbps DDoS Attack Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

⚠️ Aisuru botnet was used in largest ever 29.7 Tbps DDoS attack but Cloudflare blocked it before it could cause wider harm.

Read: hackread.com/cloudflare-a...

#Aisuru #Botnet #DDoS #Cloudflare #Cybersecurity #InfoSec

Cloudflare's Q3 DDoS Threat Report @cloudflare.social

The Aisuru botnet has up to 4M IoT devices

and it just launched another record breaker.

A 29.7 Tbps DDoS attack

blog.cloudflare.com/ddos-threat-...

#CyberSecurity #Botnet #DDoS #Aisuru #IoT

Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts attack targeted read more about Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts

Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts reconbee.com/record-29-7-...

#DDoS #Aisuru #botnet #cyberattack #CybersecurityNews #cybersecurity

📰 Botnet Aisuru Catat Rekor Serangan DDoS 29,7 Tbps

👉 Baca artikel lengkap di sini: ahmandonk.com/2025/12/03/aisuru-botnet...

#aisuru #attack #azure #botnet #cloudflare #cybersecurity #ddos #indonesia #iot

How Aisura 'Turbo Mirai' Botnet Reshaped Mobile DDoS Warfare The Multi-Terabit Battlefield: How Aisura 'Turbo Mirai' Botnet Reshaped Mobile DDoS Warfare On November 18, 2025, a massive Cloudflare service interruption took down major platforms worldwide, including X, ChatGPT, Shopify, and various critical transit services. Given the intense, ongoing cyber conflict, initial speculation immediately pointed toward a successful, hyper-volumetric Distributed Denial-of-Service (DDoS) attack. Cloudflare has recently been at the forefront of blocking unprecedented assaults from notorious botnets, including Mirai and the newer, "TurboMirai-class" Aisuru botnet. The company successfully mitigated record-breaking Mirai-variant attacks measured at 5.6 Tbps (October 2024) and 7.3 Tbps (May 2025). Furthermore, the Aisuru botnet, which is responsible for hitting Microsoft Azure with a 15.72 Tbps DDoS attack, was also linked to a 22.2 Tbps attack mitigated by Cloudflare in September 2025. Aisuru operators were even caught attempting to manipulate Cloudflare’s public domain rankings using malicious query traffic. This track record provided a clear motive for a potential reprisal. However, Cloudflare’s official investigation quickly dispelled fears of a successful cyberattack. Cloudflare CTO Dane Knecht confirmed that the incident was not an attack, but rather an internal issue. The cause was identified as a "latent bug" in a service underpinning Cloudflare’s bot mitigation capability that started to crash following a routine configuration change. This technical flaw cascaded into a broad degradation across the network. Cloudflare CEO Matthew Prince later noted that this was the worst outage the company had experienced since 2019. This incident highlights that while automated security platforms like Cloudflare can defend against 20+ Tbps DDoS attacks, they remain vulnerable to complex internal technical flaws and configuration management errors. Keywords Cloudflare outage, DDoS, Aisuru Botnet, Mirai, Configuration error, Latent bug, Dane Knecht, November 2025, IoT security, Incident Response, Cyberattack, Network Security, Cloud Security. Hashtags       #ConfigurationManagement #IncidentResponse #CloudSecurity #IoT Related Links & Sources To read more about the incident and the cyber threat landscape, please refer to the following: - Cloudflare Outage Not Caused by Cyberattack (SecurityWeek): - Microsoft: Azure hit by 15 Tbps DDoS attack using 500,000 IP addresses: - Cloudflare’s official report on the November 18, 2025 outage: - Discussion on the configuration file bug: - TurboMirai-Class ‘Aisuru’ Botnet Blamed for 20+ Tbps DDoS Attacks: Sponsor Message Today’s episode is brought to you by https://approov.com. In an era where botnets like Aisuru are exploiting every vulnerability, securing your APIs and endpoints is paramount. Approov provides essential mobile app and API protection, ensuring that only trusted, legitimate clients can connect to your back-end services, providing a crucial layer of defense against sophisticated automated attacks. Learn more about protecting your mobile infrastructure at approov.com.

📣 New Podcast! "How Aisura 'Turbo Mirai' Botnet Reshaped Mobile DDoS Warfare" on @Spreaker #aisuru #botnet #cloudflare #cybersecurity #ddos #mirai

Original post on infosec.exchange

An awesome guest post: Botnets Never Die on the creativity of #malware developers to be found at #APNIC. It covers details to the #AisuruBotnet, The #AIRASHIBotnet, and how their #C2 communication #protocol works.

Apparnetly, the heartbeat is a client sending `cat` to the C2 server, and the […]

'Largest-ever' cloud DDoS attack pummels Azure : Aisuru botnet strikes again, bigger and badder

"Azure was hit by the 'largest-ever' cloud-based distributed denial of service (DDoS) attack, originating from the #Aisuru #botnet and measuring 15.72 terabits per second (Tbps), according to #Microsoft." #Azure #DDoS #CyberAttack #CyberSecurity
www.theregister.com/2025/11/17/b...

Microsoft successfully mitigates a record-breaking 15.72 Tbps DDoS attack from the AISURU botnet, highlighting the escalating scale of cyber threats. #CyberSecurity #DDoS #Microsoft #AISURU Link: thedailytechfeed.com/microsoft-mi...