The Most Powerful Ever? Inside the 11.5Tbps-Scale Mega Botnet AISURU
Essential information
- Published: 25/09/2025 09:20
- Modified: 25/09/2025 14:48
- Tags: 2025-09-25 CVE-2013-1599 CVE-2013-3307 CVE-2013-5948 CVE-2017-5259 CVE-2022-35733 CVE-2022-44149 CVE-2023-28771 CVE-2023-50381 CVE-2024-3721 airashi aisuru botnet cybercrime ddos encryption firmware proxy router vulnerabilities
- Related entities: 9 vulnerabilities (cve), 11 observables, 1 intrusion sets (apt), 18 techniques (mitre), 2 malware
Description
The AISURU botnet has emerged as a formidable threat, capable of launching massive DDoS attacks reaching 11.5 Tbps. First disclosed in 2024, it expanded significantly in 2025 by compromising a router firmware update server. The botnet, with approximately 300,000 nodes, is operated by a group of three key figures. It exploits various vulnerabilities, including 0-days, to propagate and has targeted multiple industries worldwide. AISURU employs sophisticated anti-analysis techniques, encryption methods, and a custom network protocol. Beyond DDoS attacks, it has expanded into proxy services, indicating a shift towards diversified cybercriminal activities. The botnet's scale and capabilities make it a significant concern for global cybersecurity.