Aisuru/Kimwolf botnet record DDoS campaign against telecommunications and IT companies
Campaign
Summary
Hide ▲
Show ▼
The Aisuru/Kimwolf botnet campaign expanded in late 2025 with Kimwolf, a DDoS botnet compiled using the NDK, and evidence linking it to AISURU through shared infection scripts and code artifacts. QiAnXin XLab says Kimwolf had at least 1.8 million infected Android-based TVs, set-top boxes, and tablets and issued 1.7 billion DDoS commands between November 19 and 22, 2025. The activity mattered because the botnet combined DDoS, proxy forwarding, reverse shell, and file management functions while also hardening its C2 infrastructure with ENS/EtherHiding. Recent analysis tied the campaign to the same botnet thread that later drew major mitigation and disruption actions against Aisuru/Kimwolf.
Related Happenings
RustDuck DDoS botnet activity targeting routers and servers
Malware Activity
H score27
First: 30.06.2026 20:45
Last: 30.06.2026 20:45
Sources 1
About this happening:
The **RustDuck** malware family is **hijacking routers, cameras, Android boxes, and servers** to assemble a **DDoS botnet** that can flood targets and knock websites and online se...
RustDuck DDoS botnet activity targeting routers and servers
Malware ActivityAbout this happening: The **RustDuck** malware family is **hijacking routers, cameras, Android boxes, and servers** to assemble a **DDoS botnet** that can flood targets and knock websites and online se...
Dort-linked DDoS, doxing, and swatting campaign against researchers
Campaign
H score38
First: 22.05.2026 00:50
Last: 22.05.2026 00:50
Sources 1
About this happening:
The **Dort**-linked harassment campaign targeted **this author and a security researcher**, using **DDoS, doxing, and swatting** to intimidate the people investigating the operato...
Dort-linked DDoS, doxing, and swatting campaign against researchers
CampaignAbout this happening: The **Dort**-linked harassment campaign targeted **this author and a security researcher**, using **DDoS, doxing, and swatting** to intimidate the people investigating the operato...
Xlabs_v1 Mirai-derived ADB DDoS botnet
Malware Activity
H score22
First: 06.05.2026 23:21
Last: 06.05.2026 23:21
Sources 1
About this happening:
The **xlabs_v1** Mirai-derived botnet has been exposed as a **DDoS** tool that abuses **Android Debug Bridge (ADB)** on internet-facing devices, expanding risk to **Android**, rou...
Xlabs_v1 Mirai-derived ADB DDoS botnet
Malware ActivityAbout this happening: The **xlabs_v1** Mirai-derived botnet has been exposed as a **DDoS** tool that abuses **Android Debug Bridge (ADB)** on internet-facing devices, expanding risk to **Android**, rou...
UAE and Gulf cyberattack surge after Iran conflict escalation
Trend
H score29
First: 06.05.2026 08:30
Last: 06.05.2026 08:30
Sources 1
About this happening:
Cyberattack volume surged across the **UAE** and wider **Gulf** after military operations against **Iran** began, pushing daily breach attempts to **600,000 to 800,000** and raisi...
UAE and Gulf cyberattack surge after Iran conflict escalation
TrendAbout this happening: Cyberattack volume surged across the **UAE** and wider **Gulf** after military operations against **Iran** began, pushing daily breach attempts to **600,000 to 800,000** and raisi...
Brazilian ISP botnet DDoS campaign
Campaign
H score36
First: 30.04.2026 17:04
Last: 30.04.2026 17:04
Sources 1
About this happening:
The **Brazilian ISP botnet DDoS campaign** has been linked to a **Brazil-based threat actor** that repeatedly hit **Brazilian network operators** over several years. The operation...
Brazilian ISP botnet DDoS campaign
CampaignAbout this happening: The **Brazilian ISP botnet DDoS campaign** has been linked to a **Brazil-based threat actor** that repeatedly hit **Brazilian network operators** over several years. The operation...
Timeline
-
20.03.2026 02:49 1 articles · 3mo ago
Authorities dismantle Aisuru/Kimwolf botnet infrastructure
Legal Policy Action UpdateThe U.S. Justice Department, with authorities in Canada and Germany, dismantled infrastructure behind Aisuru, Kimwolf, JackSkid and Mossad, seized U.S.-registered domains and virtual servers used in DDoS attacks against DoD Internet addresses, and said the action was intended to prevent further infections and future attacks.
Show sources
- Feds Disrupt IoT Botnets Behind Huge DDoS Attacks — krebsonsecurity.com — 20.03.2026 02:49
-
29.01.2026 16:55 5 articles · 5mo ago
Cloudflare mitigates record Aisuru/Kimwolf DDoS campaign
Campaign Scope UpdateCloudflare detected and mitigated a record-setting Aisuru/Kimwolf botnet DDoS campaign on December 19, 2025, after the botnet launched hyper-volumetric HTTP and Layer 4 attacks peaking at 200 million requests per second and 31.4 Tbps against multiple companies, mostly telecommunications service providers and IT organizations, including Cloudflare customers, dashboard, and infrastructure.
Show sources
- Aisuru botnet sets new record with 31.4 Tbps DDoS attack — www.bleepingcomputer.com — 29.01.2026 16:55
- Aisuru botnet sets new record with 31.4 Tbps DDoS attack — www.bleepingcomputer.com — 29.01.2026 16:55
- Record-Breaking DDoS Attack Peaks at 22 Tbps and 10 Bpps — www.securityweek.com — 24.09.2025 12:24
- DDoS Botnet Aisuru Blankets US ISPs in Record DDoS — krebsonsecurity.com — 10.10.2025 19:10
- Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks — thehackernews.com — 17.12.2025 20:09
-
29.01.2026 16:55 3 articles · 5mo ago
Cloudflare publishes 2025 Q4 DDoS threat findings
Initial DisclosureCloudflare's 2025 Q4 DDoS Threat Report said 2025 recorded 47.1 million DDoS incidents, a 121% increase over 2024, and described the Aisuru campaign's attack sources as Android TVs while noting that the hyper-volumetric attacks were automatically detected and mitigated without triggering internal alerts.
Show sources
- Aisuru botnet sets new record with 31.4 Tbps DDoS attack — www.bleepingcomputer.com — 29.01.2026 16:55
- Microsoft Mitigates Record 5.72 Tbps DDoS Attack Driven by AISURU Botnet — thehackernews.com — 18.11.2025 10:17
- Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts — thehackernews.com — 04.12.2025 08:52