Botnets

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Take Over TBK DVRs for DDoS Botnet Operations

Cybersecurity researchers have uncovered a new wave of attacks where threat actors are exploiting vulnerabilities in TBK digital video recorders and outdated TP-Link routers to deploy a powerful Mirai-based botnet. The findings were reported by Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. Exploitation of TBK DVR Devices The attack specifically targets TBK DVR systems by abusing CVE-2024-3721, […]


Russian Hacker Sentenced to 2 Years for TA551 Botnet Ransomware Attacks

A Russian cybercriminal has been sentenced in the United States for his involvement in operating a botnet that played a key role in launching ransomware attacks against multiple organizations. Authorities confirmed that Ilya Angelov, aged 40 and originally from Tolyatti, received a two-year prison sentence along with a $100,000 fine. He was known online by aliases such as “milan”


Authorities Take Down SocksEscort Proxy Botnet Using 369,000 IPs Across 163 Countries

A coordinated international law enforcement operation has dismantled a large-scale criminal proxy network known as the SocksEscort botnet, which hijacked thousands of residential routers around the world and used them for cybercrime activities. According to the U.S. Department of Justice (DoJ), the proxy service infected internet routers used by homes and small businesses with malicious software.


KadNap Malware Compromises Over 14,000 Edge Devices to Build Stealth Proxy Botnet

Cybersecurity researchers have uncovered a sophisticated malware campaign involving a threat dubbed KadNap, which primarily targets Asus routers and other edge devices to build a stealthy proxy botnet. The malware has compromised over 14,000 devices globally, with more than 60% of infections in the U.S., according to Black Lotus Labs at Lumen. KadNap uses a custom implementation of the Kademlia Distributed


Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Avoid Takedown

Cybersecurity researchers have uncovered a sophisticated botnet loader named Aeternum C2 that leverages blockchain technology to maintain a resilient and takedown-resistant command-and-control infrastructure. Instead of relying on conventional domains or centralized servers, the malware stores encrypted instructions directly on the Polygon blockchain. According to research published by Qrator Labs, this strategy enables


SSHStalker Botnet Controls Linux Systems via IRC C2 and Legacy Kernel Exploits

Cybersecurity researchers have uncovered a newly identified botnet operation named SSHStalker, which leverages the Internet Relay Chat (IRC) protocol as its command-and-control infrastructure. The campaign specifically targets Linux systems by exploiting outdated kernel vulnerabilities, many of which date back more than a decade. According to security firm Flare, the operation combines stealth-focused techniques with older Linux


AISURU and Kimwolf Botnet Launch Record-Breaking 31.4 Tbps DDoS Attack

Cybersecurity researchers have attributed a record-breaking distributed denial-of-service attack to the AISURU and Kimwolf botnet, which generated traffic peaks of 31.4 terabits per second and lasted approximately 35 seconds, making it one of the largest DDoS attacks ever recorded. Cloudflare confirmed that the attack occurred in November 2025 and was automatically detected and mitigated by its systems. The company said the incident


Google Disrupts IPIDEA, One of the World’s Largest Residential Proxy Networks

Google has announced the disruption of IPIDEA, widely recognized as one of the largest residential proxy networks in operation. The takedown involved legal actions to seize dozens of domains used to control infected devices and route proxy traffic, rendering IPIDEA’s main website (www.ipidea.io) inaccessible. IPIDEA previously promoted itself as a leading IP proxy provider, claiming


Researchers Null-Route More Than 550 Kimwolf and Aisuru Botnet Command Servers

Security researchers have disrupted a major botnet operation after null-routing traffic linked to more than 550 command-and-control servers tied to the AISURU and Kimwolf botnets. The takedown was carried out by Black Lotus Labs, the threat intelligence arm of Lumen Technologies, and began in early October 2025. These botnets have rapidly grown into some of the largest active malicious


GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials

A renewed wave of GoBruteforcer activity has been observed targeting databases linked to cryptocurrency and blockchain projects. The campaign aims to hijack vulnerable servers and enroll them into a botnet capable of brute-forcing user credentials for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux-based systems. Campaign Drivers and Initial Findings According
