AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack

The Hacker News
Actively Exploited

Overview

The AISURU/Kimwolf botnet has launched a DDoS attack that peaked at 31.4 terabits per second (Tbps) and lasted just 35 seconds. The attack is part of a growing trend of extremely high-volume HTTP DDoS attacks that the botnet has been executing throughout the fourth quarter of 2025. Cloudflare, a cybersecurity company that monitors these incidents, detected and mitigated the attack, preventing potential disruptions to online services. Attacks at this volume pose significant risks to internet infrastructure and can overwhelm even the most fortified systems, affecting businesses and users alike. As these attacks become more common, organizations need to bolster their defenses against DDoS threats.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Web services, online businesses, internet infrastructure
  • Action Required: Implement DDoS mitigation strategies, enhance network security measures, and utilize traffic filtering solutions.
  • Timeline: Newly disclosed

Original Article Summary

The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds. Cloudflare, which automatically detected and mitigated the activity, said it's part of a growing number of hyper-volumetric HTTP DDoS attacks mounted by the botnet in the fourth quarter of 2025. The

Impact

Web services, online businesses, internet infrastructure

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Implement DDoS mitigation strategies, enhance network security measures, and utilize traffic filtering solutions.

Related Topics: This incident relates to Botnet, DDoS.
