From Mirai roots to proxy sales: Aisuru is not new. Its foundations trace back to leaked code of the Mirai IoT botnet from 2016, which held “KrebsOnSecurity,” the investigative blog run by Krebs, offline for four days. “The 2016 assault was so large that Akamai which was providing pro-bono DDoS protection for KrebsOnSecurity at the time, asked me to leave their service because the attack was causing problems for their paying customers,” Krebs had said then.This time, Aisuru’s operators seem to be monetizing and scaling their creation. The botnet is now believed to serve dual roles, acting as a DDoS engine while also functioning as a residential proxy network. These proxies allow cybercriminals to route attacks through “legitimate” US home devices, masking the true origin of malicious traffic. Krebs also cited security researchers who believe a compromise of router firmware distribution infrastructure, with one alleged breach at Totolink’s firmware server in April 2025, could have accelerated device enrollment into Aisuru’s ranks. The timing of the takedown of a rival botnet (Rapper Bot) in August 2025 may have also allowed Aisuru to absorb the abandoned infected devices, boosting its growth.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4071594/aisurus-30-tbps-botnet-traffic-crashes-through-major-us-isps.html
