Brazilian ISP botnet DDoS campaign

Campaign
Happening score: 49
1 unique source, 1 article

Summary

The Brazilian ISP botnet DDoS campaign has been linked to a Brazil-based threat actor that repeatedly hit Brazilian network operators over several years. The operation matters because it combined Internet-wide scanning, DNS reflection abuse, and a botnet of compromised routers and servers to generate massive attack traffic. Newly exposed operational files also tie the activity to Huge Networks infrastructure and show the attacks were confined to Brazilian IP ranges.

Related Happenings

NCSC-UK joint advisory on covert botnets and proxy networks

Public Sector Action
First: 23.04.2026 15:28 Last: 23.04.2026 15:28 Sources 1

About this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...

Operation PowerOff DDoS-for-hire takedown

Law Enforcement
First: 17.04.2026 09:40 Last: 17.04.2026 09:40 Sources 1

About this happening: Europol and partners in 21 countries carried out Operation PowerOff, disrupting a DDoS-for-hire/booter-service ecosystem. The coordinated action took down 53 domains, seized infra...

Latest development: 17.04.2026 14:30

Europol-led Operation PowerOff involved police and cybersecurity agencies from 21 countries and disrupted DDoS-for-hire infrastructure by taking down 53 domains, seizing databases linked to over three million criminal user accounts, removing over 100 advertising URLs, and arresting four people suspected of providing DDoS-for-hire services.

Operation PowerOFF DDoS-for-hire arrests and takedowns

Law Enforcement
First: 17.04.2026 01:26 Last: 17.04.2026 01:26 Sources 1

About this happening: Authorities participating in Operation PowerOFF disrupted DDoS-for-hire and booter infrastructure across 21 countries, arresting four suspects and taking 53 domains offline. The a...

Latest development: 17.04.2026 14:30

Europol-led Operation PowerOff involved police and cybersecurity agencies from 21 countries and disrupted DDoS-for-hire infrastructure by taking down 53 domains, seizing databases linked to over three million criminal user accounts, removing over 100 advertising URLs, and arresting four people suspected of providing DDoS-for-hire services.

APT28 FrostArmada DNS hijacking and AitM credential theft campaign

Campaign
First: 07.04.2026 18:51 Last: 07.04.2026 18:51 Sources 1

About this happening: A multinational disruption effort has taken down **FrostArmada**, an **APT28** campaign that hijacked router DNS settings to steal **Microsoft account credentials** and OAuth toke...

FBI, DOJ, and Poland take FrostArmada infrastructure offline

Law Enforcement
First: 07.04.2026 18:51 Last: 07.04.2026 18:51 Sources 1

About this happening: Authorities carried out a **takedown** of **FrostArmada** infrastructure, disrupting an **APT28** credential-theft operation that hijacked router traffic to steal Microsoft logins...

Timeline

  1. 30.04.2026 17:04 1 article · 27d ago

    DigitalOcean flags Huge Networks droplet compromise

    Detection Ioc Update

    DigitalOcean flagged a Huge Networks droplet as compromised on January 11, 2026, because of a leaked SSH key. Huge Networks says it wiped the affected boxes and rotated keys after a January 2026 intrusion that affected two development servers and Erick Nascimento’s personal SSH keys.

  2. 30.04.2026 17:04 2 articles · 27d ago

    Investigative report links Huge Networks to Brazilian ISP DDoS botnet

    Initial Disclosure

    An investigative report linked Huge Networks, a Brazil-based DDoS mitigation provider, to an extended botnet campaign that mass-scanned insecure Internet routers and unmanaged DNS servers, used TP-Link Archer AX21 devices vulnerable to CVE-2023-1389, and launched massive DDoS attacks against Brazilian ISPs from Brazilian IP ranges.