
Massive 1.5 Bpps DDoS attack targets European DDoS mitigation provider

📰 1 unique source, 1 article

Summary


A European DDoS mitigation service provider was targeted in a large-scale DDoS attack reaching 1.5 billion packets per second (Bpps). The attack, a UDP flood, originated from thousands of compromised IoT devices and MikroTik routers across over 11,000 unique networks worldwide, and aimed to exhaust the target's processing capacity and cause service outages. FastNetMon mitigated the attack using real-time detection and access control lists (ACLs) deployed on edge routers. This event highlights the growing threat of massive DDoS attacks leveraging compromised consumer hardware. FastNetMon's founder emphasized the need for ISP-level intervention to prevent such attacks.

Timeline

  1. 11.09.2025 01:09 📰 1 article · ⏱ 6d ago

    European DDoS mitigation provider targeted in 1.5 Bpps attack

    A European DDoS mitigation service provider was targeted in a massive DDoS attack reaching 1.5 billion packets per second (Bpps). The attack, a UDP flood, originated from thousands of compromised IoT devices and MikroTik routers across over 11,000 unique networks worldwide. FastNetMon mitigated the attack using real-time detection and access control lists (ACLs) deployed on edge routers.

Information Snippets

  • The attack reached 1.5 billion packets per second (Bpps), making it one of the largest packet-rate floods publicly disclosed.

    First reported: 11.09.2025 01:09
    📰 1 source, 1 article
  • The attack originated from over 11,000 unique networks worldwide, including compromised IoT devices and routers.

    First reported: 11.09.2025 01:09
    📰 1 source, 1 article
  • The attack was a UDP flood, targeting the processing abilities of the DDoS mitigation provider.

    First reported: 11.09.2025 01:09
    📰 1 source, 1 article
  • FastNetMon mitigated the attack using real-time detection and deploying ACLs on edge routers.

    First reported: 11.09.2025 01:09
    📰 1 source, 1 article
  • The targeted provider specializes in filtering out malicious traffic during DDoS attacks.

    First reported: 11.09.2025 01:09
    📰 1 source, 1 article
  • The attack was detected and mitigated in real-time, preventing service outages.

    First reported: 11.09.2025 01:09
    📰 1 source, 1 article
  • FastNetMon's founder, Pavel Odintsov, called for ISP-level intervention to stop the mass-scale weaponization of compromised consumer hardware.

    First reported: 11.09.2025 01:09
    📰 1 source, 1 article

Similar Happenings

Akira Ransomware Group Exploits SonicWall SSL VPN Flaws

The Akira ransomware group has been actively exploiting SonicWall SSL VPN flaws and misconfigurations to gain initial access to networks. This campaign has seen increased activity since late July 2025, targeting SonicWall devices to facilitate ransomware operations. The group leverages a combination of security vulnerabilities, including a year-old flaw (CVE-2024-40766) and misconfigured LDAP settings, to bypass access controls and infiltrate networks. Organizations are advised to rotate passwords, remove unused accounts, enable multi-factor authentication, and restrict access to the Virtual Office Portal to mitigate risks. The Australian Cyber Security Centre (ACSC) has acknowledged Akira's targeting of SonicWall SSL VPNs and issued alerts about the increased exploitation of CVE-2024-40766.

Increased browser targeting by threat actors

Threat actors are increasingly targeting web browsers as a primary attack vector. This shift is driven by the browser's central role in accessing sensitive data and cloud applications, making it an attractive target for credential theft and session hijacking. High-profile incidents, such as the Snowflake breach, which exploited stolen credentials, underscore the need for enhanced browser security measures. Browser-based attacks include phishing for credentials and sessions, malicious copy & paste (ClickFix), malicious OAuth integrations, malicious browser extensions, malicious file delivery, and exploiting stolen credentials and MFA gaps. Because these attacks exploit the browser's role in accessing business applications and data, experts emphasize that security teams need to focus on browser security.

Apple patches Image I/O zero-day exploited in targeted attacks

Apple has released emergency updates to fix a zero-day vulnerability (CVE-2025-43300) in the Image I/O framework. The flaw, an out-of-bounds write issue, was exploited in "extremely sophisticated" targeted attacks against specific individuals. It can be triggered by supplying malicious input, potentially leading to remote code execution. The vulnerability affects various iPhone, iPad, and Mac models running specific versions of iOS, iPadOS, and macOS. The flaw was discovered internally by Apple, which has not attributed the discovery to a specific researcher or provided details about the attacks, and was addressed with improved bounds checking. Users are advised to install the updates promptly to mitigate potential ongoing attacks. Apple has backported fixes for the vulnerability to older versions of iOS, iPadOS, and macOS, including iOS 16.7.12, iPadOS 16.7.12, iOS 15.8.5, and iPadOS 15.8.5. The updates also address multiple other security flaws in various Apple products. The flaw was chained with a WhatsApp zero-click vulnerability (CVE-2025-55177) in targeted attacks, which both Apple and WhatsApp described as "extremely sophisticated". Samsung also patched a remote code execution vulnerability chained with the CVE-2025-55177 WhatsApp flaw in zero-day attacks targeting its Android devices. CERT-FR has reported at least four instances of Apple threat notifications alerting users about mercenary spyware attacks since the beginning of the year. The attacks target individuals based on their status or function, including journalists, lawyers, activists, politicians, and senior officials. Apple has sent threat notifications to users in over 150 countries since 2021.