DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
4 hours ago
- #IoT
- #DDoS
- #Cybersecurity
- The Aisuru botnet, the world's largest, primarily uses compromised IoT devices hosted on the networks of U.S. ISPs like AT&T, Comcast, and Verizon.
- Recent attacks by Aisuru have reached unprecedented levels, with traffic floods peaking at nearly 30 trillion bits per second.
- The botnet consists of around 300,000 compromised devices, mostly consumer-grade routers, security cameras, and DVRs with outdated firmware.
- Aisuru's operators continuously scan for vulnerable IoT devices to enslave them for DDoS attacks, causing widespread internet disruptions.
- The botnet has shattered previous DDoS records, including a 29.6 terabits per second attack in October 2025.
- Aisuru's attacks have heavily targeted ISPs serving online gaming communities, leading to significant collateral damage.
- The botnet's composition has shifted, with a majority of infected devices now located in the U.S., complicating mitigation efforts.
- ISPs struggle with outbound DDoS attacks from their networks, which degrade service quality for all customers.
- Aisuru is built on leaked Mirai botnet code and is rumored to use zero-day vulnerabilities to expand rapidly.
- The botnet's operators include individuals known as 'Snow,' 'Tom,' and 'Forky,' who are involved in development, vulnerability research, and sales.
- Forky, linked to previous DDoS-for-hire services, denies direct involvement in Aisuru's attacks despite evidence.
- Efforts to dismantle competing botnets like Rapper Bot have inadvertently strengthened Aisuru by adding orphaned devices to its network.
- Home users can detect compromised devices by monitoring for unusual network traffic or by using tools like BitMeter, but mitigation remains challenging.
- Experts suggest stricter regulations and ISP-level interventions to curb the proliferation of vulnerable IoT devices.