BrianKrebs

New, from me:

KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.

According to Google, the botnet that hit my site - at a rate of 585 million packets per second -- is an IoT botnet known as Aisuru, and it is the same one that hit Cloudflare with a remarkably similar attack last month. I interviewed the self-professed creator of Aisuru, a 21 y/o Brazilian who goes by the handle "Forky." Forky denied being involved in an attack on my site, but he also lied in almost everything else he told me.

There's a lot more to this story, including some eerie parallels between Aisuru's rise and that of the Mirai IoT botnet, which became so powerful because it effectively out-competed every other DDoS botnet in existence, giving them enormous firepower. Ironically, this same concentration of power happens each time the FBI conducts another one of its mass takedowns of DDoS-for-hire services. The ones that don't get taken down benefit enormously.

https://krebsonsecurity.com/2025/05/krebsonsecurity-hit-with-near-record-6-3-tbps-ddos/

KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS – Krebs on Security

May 20 at 9:42pmWeb
Show threadBrianKrebs4d ago

I meant to mention in the story that Forky commented multiple times about how Botshield itself received ddos protection from a company called Path Networks, which has a history of hiring “reformed” hackers. Among their many questionable hires was DOGE's Mr. Big Balls himself.

https://krebsonsecurity.com/2025/02/teen-on-musks-doge-team-graduated-from-the-com/

Teen on Musk’s DOGE Team Graduated from ‘The Com’ – Krebs on Security

Show threadMetacurity4d ago
@briankrebs Good lord. "The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand."
Show threadSara Angeloni 🏳️‍🌈🇪🇺4d ago
@briankrebs 6.3 Tb = 731.136 GiB, if anyone besides me wondered. 🤪 Dear sir! Can I borrow 0.1% of your bandwidth? 🤤
Show threadAlan Miller  🇺🇦4d ago
@Satiah @briankrebs he's using Google's ddos protection service, similar to offerings from cloudflare and others.
Show threadJeff Smith4d ago

@briankrebs interesting name for the botnet - it means “to love” or if said to someone else “I love you”. 愛する

And mirai means future.

Wonder how these names are being chosen. Creative

Show threadOctavia Con Amore  Succubard's Library4d ago
@sumisu3 @briankrebs as a note, if you want to tell someone "I love you", you have to use 愛してる instead of 愛する 
Show threadJeff Smith4d ago
@OctaviaConAmore @briankrebs yes true. Haven’t said it in Japanese in a very long time
Show threadCyberFrog4d ago
@sumisu3 @briankrebs Mirai was chosen because the creator was a western anime fan, from my understanding, it's likely just a combination of being edgy and unique
Show threadJeff Smith4d ago
@froge @briankrebs interesting. I had heard of it before, but then seeing another botnet with a Japanese romaji name I was intrigued
Show threadnone gender with left politics3d ago
@sumisu3 @briankrebs reminds me of the "hug of death"
Show threadPhil2d ago
@sumisu3 @briankrebs I doubt it goes deeper than the creators being huge anime and manga fans. The creator of Mirai used the moniker "Anna-Senpai".
Show threadsudonem4d ago
@briankrebs jfc.
Show threadmorb4d ago
@briankrebs that's pretty impressive
Show threadGraham Sutherland / Polynomial4d ago
@briankrebs lol the opsec is astounding
Show threadGraham Sutherland / Polynomial4d ago
@briankrebs oh to be 21 and unfathomably stupid again
Show threadpetabites4d ago
@briankrebs

holy crap ... over 2.2 #petabytes per hour?
Show threadZ4d ago
@briankrebs
Someone still using the "r" slur should probably be looked at with strong suspicion.
Show threadCyberFrog4d ago
@briankrebs 6.3 terabits? god damn that's wild, I think this level of attack has the ability to legitimately brick an entire national fiber line unironically, especially for smaller countries... and some 21 year old seemingly built it? wild times
Show threadRairii   3d ago
@briankrebs evidently someone asked the question "if mirai was so good why is there no mirai 2"
Show threadC.3d ago

@briankrebs

Do they attack you specifically just to get publicity for their new & improved botnet? i.e. to help sales?

(I'm aware some may be retaliatory for things you've said or actions you've taken against them / their botnets)

Show threadPhil2d ago
@briankrebs "The Aisuru botnet comprises a globally-dispersed collection of hacked IoT devices, including routers, digital video recorders and other systems that are commandeered via default passwords or software vulnerabilities."
Before I read that part, I was asking myself, if the size is because of such devices. No wonder the botnets using those grew since Mirai. The number of insecure, cheaply produced IoT devices that punch holes through firewalls has grown a lot in the last 10 years.