Security

A brand new botnet delivers DDOS attacks on record size

Bartholome Zieme

March 8, 2025


An after-discovered network botetet consisting of an estimated 30,000 webcam and video recorders-with the largest concentration in the US-has delivered the biggest attack on the denial of the service ever seen, a safety researcher in Nokia said.

The Botnet, detected under the name Eleven11bot, only came to light at the end of February when researchers in Nokia’s Deepfield Emergency Response team observed a large number of geographically distributed IP addresses that deliver “hyper-volumetric attacks”. Eleven11bot has since produced large -scale attacks.

Volumetric DDoss concludes services by consuming all available bandwidth in the targeted network or the connection to the Internet. This approach works differently than exhaustion DDoss, which exerts the computer sources of a server too much. Hypervolumetric seizures are volumetric doses that provide incredible amounts of data, usually measured in the terabits per second.

Johnny-Come has set Botnet a new record

At 30,000 devices, the eleven1bot was already exceptionally large (although some bot nets exceeded 100,000 devices). Most of the IP addresses participating, Nokia researcher Jérôme Meyer told me, has never seen what was involved in DDos attacks.

In addition to a 30,000 node that looks overnight, another important feature of eleven1bot is the record -sized volume of data it sends its targets. The largest one that Nokia has seen from eleven1bot so far took place on February 27, reaching a peak at approximately 6.5 terabits per second. The previous record for a volumetric attack was reported at 5.6 TBPS in January.

“Eleven11Bot has targeted various sectors, including communications service providers and games host to infrastructure, which utilizes a variety of attack vectors,” Meyer wrote. Although the attacks are in some cases based on the amount of data, others focus on flooding a connection to more data packs than a connection can handle, with numbers ranging from a ‘few hundred thousand to a few hundred million packets per second’. The decline of the service caused in some attacks lasted several days, and some continued from the time this post was direct.

A distribution showed that the largest concentration of IP addresses, at 24.4 percent, was located in the US. Taiwan was at 17.7 percent next, and the UK with 6.5 percent.

In an online interview, Meyer made the following points:

  • This botnet is much larger than what we were used to in DDOS attacks (the only precedent I have in mind is an attack from 2022 directly to Ukraine invasion, at ~ 60k bots, but not public).
  • The vast majority of his IPs were not involved in DDOS attacks before the past week.
  • Most of the IPs are security cameras (Censys think Hisilicon, I have seen several sources talk to a hicvision NVR, so it is a possibility, but not my area of ​​expertise).
  • Partly because the botnet is greater than average, the attack size is also larger than the average.

Related posts:

  1. What really happened to the ddos ​​attacks that X took off
  2. Nokia placed a 4G -Sellular network on the moon but could not make a phone call
  3. Meet the rented guns that make sure the cyber attacks remain hidden
  4. End-to-end-encrypted texts between Android and iPhone come

Leave a Reply

Your email address will not be published. Required fields are marked *