European DDoS scrubbing provider targeted in 1.5 Gpps attack
Service Disruption
Summary
Hide ▲
Show ▼
A European DDoS scrubbing provider was hit by a 1.5 billion packets per second flood that threatened service availability but was mitigated in real time. The attack came from thousands of IoT devices and MikroTik routers, showing a broad distributed source base. The provider used access control lists and its scrubbing facility to absorb and filter the traffic. The event underscores how large packet-rate floods can pressure even specialized availability defenses.
Related Happenings
Kimwolf IoT botnet activity disrupting I2P
Malware Activity
First: 11.02.2026 18:08
Last: 11.02.2026 18:08
Sources 1
About this happening:
The **Kimwolf** botnet disrupted **I2P** over the past week after operators tried to join **700,000 infected bots** as nodes, briefly overwhelming the anonymity network and disrup...
Kimwolf IoT botnet activity disrupting I2P
Malware ActivityAbout this happening: The **Kimwolf** botnet disrupted **I2P** over the past week after operators tried to join **700,000 infected bots** as nodes, briefly overwhelming the anonymity network and disrup...
2025 DDoS surge targets telecommunications, service providers, and carriers
Target Trend
First: 05.02.2026 19:25
Last: 05.02.2026 19:25
Sources 1
About this happening:
**Cloudflare** reports that the **2025 DDoS surge** has continued into **Q3 2025**, with the **Aisuru botnet** driving more than **1,300 attacks** in three months and a record pea...
2025 DDoS surge targets telecommunications, service providers, and carriers
Target TrendAbout this happening: **Cloudflare** reports that the **2025 DDoS surge** has continued into **Q3 2025**, with the **Aisuru botnet** driving more than **1,300 attacks** in three months and a record pea...
AISURU/Kimwolf hyper-volumetric DDoS botnet activity
Malware Activity
First: 05.02.2026 19:25
Last: 05.02.2026 19:25
Sources 1
About this happening:
The **AISURU/Kimwolf** botnet is a **malware activity** cluster tied to **hyper-volumetric DDoS attacks** and large-scale device conscription. On **2025-12-04**, Cloudflare said i...
AISURU/Kimwolf hyper-volumetric DDoS botnet activity
Malware ActivityAbout this happening: The **AISURU/Kimwolf** botnet is a **malware activity** cluster tied to **hyper-volumetric DDoS attacks** and large-scale device conscription. On **2025-12-04**, Cloudflare said i...
Latest development: 20.03.2026 08:25
The U.S. Department of Justice disrupted command-and-control infrastructure used by AISURU, Kimwolf, JackSkid, and Mossad in a court-authorized law-enforcement operation, with support from Akamai, Amazon Web Services, Cloudflare, DigitalOcean, Google, Lumen, Nokia, Okta, Oracle, PayPal, SpyCloud, Synthient, Team Cymru, Unit 221B, and QiAnXin XLab.
Kimwolf botnet infects Android TV streaming boxes for DDoS and proxy abuse
Malware Activity
First: 09.01.2026 01:23
Last: 09.01.2026 01:23
Sources 1
About this happening:
**Kimwolf/Aisuru botnet** activity now spans **Android TV streaming devices** and **record-setting DDoS attacks**. Cloudflare says the latest campaign, **“The Night Before Christm...
Kimwolf botnet infects Android TV streaming boxes for DDoS and proxy abuse
Malware ActivityAbout this happening: **Kimwolf/Aisuru botnet** activity now spans **Android TV streaming devices** and **record-setting DDoS attacks**. Cloudflare says the latest campaign, **“The Night Before Christm...
Latest development: 20.03.2026 10:05
Authorities from the United States, Germany, and Canada disrupted Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets to infect Internet of Things (IoT) devices and launch hundreds of thousands of DDoS attacks, including attacks against IP addresses owned by the Department of Defense Information Network (DoDIN).
Kimwolf botnet expands through residential proxy abuse
Malware Activity
First: 02.01.2026 16:20
Last: 02.01.2026 16:20
Sources 1
About this happening:
The **Kimwolf** **IoT botnet** continues to expand through abuse of **residential proxy services** such as **IPIDEA**, which it uses to relay malicious traffic, scan local network...
Kimwolf botnet expands through residential proxy abuse
Malware ActivityAbout this happening: The **Kimwolf** **IoT botnet** continues to expand through abuse of **residential proxy services** such as **IPIDEA**, which it uses to relay malicious traffic, scan local network...
Latest development: 29.01.2026 19:15
Google Threat Intelligence Group and partners coordinated court action and technical enforcement to disrupt IPIDEA, a residential proxy network whose SDKs were used to enroll devices into Kimwolf and other botnets. Google said it took down domains used to command infected devices and manage proxy traffic, and Google Play Protect now alerts users, removes apps containing IPIDEA SDKs, and blocks future installation attempts on certified Android devices.
Timeline
-
11.09.2025 01:09 2 articles · 8mo ago
European DDoS scrubbing provider hit by 1.5 Gpps flood
Initial DisclosureA DDoS mitigation service provider in Europe was targeted by a distributed denial-of-service attack that reached 1.5 billion packets per second, with traffic coming from thousands of IoT devices and MikroTik routers across more than 11,000 unique networks worldwide. FastNetMon says the attack was detected in real time and mitigated using the customer’s DDoS scrubbing facility and access control lists (ACLs) on edge routers.
Show sources
- DDoS defender targeted in 1.5 Bpps denial-of-service attack — www.bleepingcomputer.com — 11.09.2025 01:09
- DDoS defender targeted in 1.5 Bpps denial-of-service attack — www.bleepingcomputer.com — 11.09.2025 01:09