In November 2025, a massive DDoS attack reached a peak of 31.4 terabits per second, making it one of the largest ever recorded. The attack was executed by the AISURU/Kimwolf botnet and lasted for just 35 seconds. Fortunately, Cloudflare's security systems were able to automatically detect and block the attack before it could cause significant disruption. This incident is part of a worrying trend of increasingly powerful and brief DDoS attacks that can overwhelm even the most robust defenses. Organizations must remain vigilant as such attacks not only threaten individual services but also have the potential to disrupt broader internet infrastructure.
Articles tagged "DDoS"
The AISURU/Kimwolf botnet has launched a massive DDoS attack that peaked at an astonishing 31.4 Terabits per second, lasting just 35 seconds. This attack is part of a growing trend of extremely high-volume HTTP DDoS assaults that the botnet has been executing throughout the fourth quarter of 2025. Cloudflare, a cybersecurity company that monitors these incidents, successfully detected and mitigated the attack, preventing potential disruptions to online services. Such high-capacity attacks pose significant risks to internet infrastructure and can overwhelm even the most fortified systems, affecting businesses and users alike. As these types of attacks become more common, organizations need to bolster their defenses against DDoS threats.
Security Affairs
Italy's Foreign Minister Antonio Tajani announced that the country successfully thwarted a series of cyberattacks linked to a pro-Russian group known as Noname057(16). These attacks targeted various entities, including the Foreign Ministry offices, with one affecting operations in Washington, D.C. Additionally, the group aimed at disrupting websites and hotels associated with the upcoming Milano Cortina 2026 Winter Olympics. This incident highlights ongoing cybersecurity concerns related to geopolitical tensions, particularly as major international events approach. The Italian government’s proactive measures demonstrate the importance of safeguarding critical infrastructure and national security against external threats.
Help Net Security
Poland's Central Bureau for Combating Cybercrime has arrested a 20-year-old man believed to be behind a series of global DDoS attacks that targeted important websites. The suspect faces six charges, including disrupting IT systems and using specialized software to execute cyberattacks. He has reportedly confessed to many of the allegations against him. If found guilty, he could face up to five years in prison. This operation underscores the ongoing challenges of combating cybercrime, particularly as such attacks can significantly disrupt online services and affect many organizations worldwide.
A massive distributed denial-of-service (DDoS) attack has reached a staggering 31.4 terabits per second, setting new records for online attacks. This incident is attributed to a powerful botnet known as the 'apex' botnet, which has been exploiting consumer devices, such as routers and smart home gadgets, to amplify its attack capabilities. As attackers increasingly turn ordinary home devices into tools for cyber warfare, businesses and individuals alike are at risk of service disruptions. The scale of this attack serves as a wake-up call for users to secure their connected devices and for companies to enhance their defenses against such overwhelming assaults. The implications are serious, as these attacks can cripple online services and affect a vast number of users worldwide.
SCM feed for Latest
In December, Cloudflare successfully thwarted a massive distributed denial-of-service (DDoS) attack orchestrated by the Aisuru botnet. The attack peaked at a staggering 31.4 terabits per second, breaking Aisuru's previous record of 29.7 Tbps. Such high levels of attack traffic can overwhelm servers, disrupting services for many online users and businesses. While specific companies targeted in this incident haven't been disclosed, the scale of the attack raises concerns about the evolving capabilities of botnets and their potential to cause significant disruptions. This incident serves as a reminder for organizations to bolster their defenses against increasingly sophisticated DDoS attacks.
BleepingComputer
In December 2025, the Aisuru/Kimwolf botnet executed a record-breaking distributed denial of service (DDoS) attack, reaching a staggering peak of 31.4 terabits per second and generating 200 million requests per second. This incident marks one of the largest DDoS attacks recorded to date, raising concerns for internet stability and security. Organizations that rely on online services, including e-commerce and cloud providers, may experience significant disruptions. The attack showcases the growing capabilities of botnets and the need for enhanced defenses against such aggressive tactics. As attackers continue to evolve their methods, companies must prioritize their cybersecurity measures to mitigate the impact of similar threats in the future.
Security Affairs
The UK government's National Cyber Security Centre (NCSC) has issued a warning about ongoing Distributed Denial of Service (DDoS) attacks carried out by Russia-linked hacktivists. These attacks are targeting critical infrastructure and local government systems across the UK. The NCSC's alert, released on January 19, 2026, emphasizes the potential disruption these attacks can cause, putting essential services at risk. The government urges organizations to bolster their defenses against such incidents, highlighting that the threat remains persistent. This situation is particularly concerning as it could impact public safety and the functionality of vital services during times of crisis.
BleepingComputer
The U.K. government has issued a warning about ongoing attacks from Russian-aligned hacktivist groups that are targeting the country's critical infrastructure and local government entities. These attacks primarily involve disruptive denial-of-service (DDoS) tactics, which can overwhelm systems and render them inoperable. As these groups continue their campaigns, organizations may face significant operational challenges and potential data breaches. It’s crucial for affected entities to bolster their cybersecurity measures to mitigate the risks associated with these aggressive actions. The situation highlights a growing trend of politically motivated cyberattacks that can impact essential services and public safety.
Hackread
The activist website ICE List, which published personal information of U.S. Immigration and Customs Enforcement (ICE) agents, was taken offline after a significant distributed denial-of-service (DDoS) attack. This incident occurred shortly after the release of a list containing the names of 4,500 federal agents, which was linked to a shooting involving Renee Nicole Good. The DDoS attack effectively crippled the site, preventing access for users. This incident raises concerns about the safety of law enforcement personnel whose information has been exposed and the potential for further attacks on similar activist platforms. It highlights the ongoing tensions between activists and law enforcement agencies, especially in the context of online privacy and security.
Infosecurity Magazine
A website associated with a data breach at the Department of Homeland Security is currently facing a distributed denial-of-service (DDoS) attack, reportedly orchestrated through Russian servers. This attack is aimed at a site linked to the leaked personal information of ICE agents, putting these individuals at risk of harassment or further exposure. The breach not only affects the privacy and security of those named but also raises concerns about the overall security of sensitive government data. The incident highlights ongoing tensions and the potential for cyber warfare, as attackers exploit vulnerabilities for political or social motives. As investigations continue, the implications for national security and the safety of federal agents remain significant.
Lumen's Black Lotus Labs has successfully disrupted a significant portion of the AISURU and Kimwolf botnet by blocking over 550 command-and-control (C2) servers. This botnet is notorious for facilitating DDoS attacks and proxy abuse, acting as a DDoS-for-hire service that has been used to target various organizations. By taking these C2 servers offline, Lumen aims to reduce the operational capabilities of this botnet, which has been a persistent problem for cybersecurity professionals. The disruption not only impacts the botnet operators but also helps protect potential victims from being targeted in future attacks. This action underscores the ongoing battle against cybercrime and highlights the importance of proactive measures in cybersecurity.
The Black Lotus Labs team at Lumen Technologies has taken significant action against the AISURU and Kimwolf botnets by null-routing over 550 command-and-control (C2) servers since early October 2025. These botnets have gained notoriety for their ability to commandeer devices and use them in distributed denial-of-service (DDoS) attacks. By cutting off access to these C2 nodes, researchers aim to disrupt the operations of these botnets, which primarily target Android devices. This move is crucial as it not only protects potential victims from being exploited but also highlights the ongoing battle against cybercriminals who leverage such networks for malicious activities. The impact of these botnets underscores the need for continued vigilance in cybersecurity practices, especially for users of vulnerable devices.
The Kimwolf Android botnet has expanded significantly, now comprising around 2 million devices. This botnet primarily targets residential proxy networks, allowing its operators to profit through various means, including launching Distributed Denial of Service (DDoS) attacks, installing applications without user consent, and selling proxy bandwidth. The growth of this botnet poses serious risks to users, as it can lead to unauthorized use of their devices and potential data breaches. It also raises concerns for internet service providers and businesses that may be targeted by DDoS attacks. The situation highlights the ongoing challenges in securing IoT devices and the need for users to be vigilant about their device security.
On Monday, the French national postal service, La Poste, experienced a significant disruption due to a Distributed Denial of Service (DDoS) attack. The attack caused central computer systems to go offline, impacting operations across the postal service. Pro-Russian hacker groups have claimed responsibility for the incident, raising concerns about the motivations behind such attacks amid ongoing geopolitical tensions. This incident not only disrupts postal services but also highlights the vulnerability of critical infrastructure to cyber threats. As La Poste works to restore services, this event serves as a reminder of the increasing frequency and severity of cyberattacks targeting essential services.