Summary
Title: Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica
- Botnet Overview: A new botnet named Eleven11bot, estimated to include about 30,000 webcams and video recorders, has been identified, with most of its nodes concentrated in the United States.
- Attack Scale: Eleven11bot is purportedly delivering some of the largest DDoS (distributed denial-of-service) attacks recorded, with peak data volumes reaching up to 6.5 terabits per second, surpassing the previous record of 5.6 Tbps.
- Nature of DDoS Attacks: The botnet initiates hyper-volumetric attacks, consuming substantial bandwidth and impacting service availability across various sectors, including communications and gaming hosting.
- Botnet Characteristics: This botnet’s growth appears sudden, with many participating IP addresses previously inactive in DDoS attacks. Eleven11bot may be a variant of the Mirai malware, which originally surfaced in 2016.
- Geographic Distribution: The largest proportion of infected devices is located in the US (24.4%), followed by Taiwan (17.7%) and the UK (6.5%).
- Exploitation Method: The Eleven11bot botnet utilizes a new exploit targeting specific digital video recorders, particularly those operating on HiSilicon chips.
Key Points:
- Eleven11bot is a botnet that grew rapidly and consists of 30,000 video recorders.
- It has delivered unprecedented DDoS attacks, the largest being 6.5 Tbps.
- The botnet predominantly affects US-based infrastructure and is likely related to the widely known Mirai malware.
Executive Summary
The Eleven11bot botnet has emerged as a significant security threat, comprising approximately 30,000 video recorders, primarily in the US. It has been responsible for record-breaking DDoS attacks, with the highest peak reaching 6.5 terabits per second, effectively disrupting services across various sectors. The botnet appeared suddenly, leveraging a new exploit similar to that of the infamous Mirai malware, and indicates a substantial shift in DDoS attack strategies. Cybersecurity vigilance is crucial as this botnet continues to evolve and target critical infrastructure.
Archive Links:
12ft: https://12ft.io/https://arstechnica.com/security/2025/03/massive-botnet-that-appeared-overnight-is-delivering-record-size-ddoses/
archive.org: Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica
archive.is: https://archive.is/https://arstechnica.com/security/2025/03/massive-botnet-that-appeared-overnight-is-delivering-record-size-ddoses/
archive.ph: https://archive.ph/https://arstechnica.com/security/2025/03/massive-botnet-that-appeared-overnight-is-delivering-record-size-ddoses/
archive.today: https://archive.today/https://arstechnica.com/security/2025/03/massive-botnet-that-appeared-overnight-is-delivering-record-size-ddoses/
Original Link: https://arstechnica.com/security/2025/03/massive-botnet-that-appeared-overnight-is-delivering-record-size-ddoses/