VulnHub

The Black Lotus Labs team at Lumen Technologies has taken significant action against the AISURU and Kimwolf botnets by null-routing over 550 command-and-control (C2) servers since early October 2025. These botnets have gained notoriety for their ability to commandeer devices and use them in distributed denial-of-service (DDoS) attacks. By cutting off access to these C2 nodes, researchers aim to disrupt the operations of these botnets, which primarily target Android devices. This move is crucial as it not only protects potential victims from being exploited but also highlights the ongoing battle against cybercriminals who leverage such networks for malicious activities. The impact of these botnets underscores the need for continued vigilance in cybersecurity practices, especially for users of vulnerable devices.

The Kimwolf Android botnet has expanded significantly, now comprising around 2 million devices. This botnet primarily targets residential proxy networks, allowing its operators to profit through various means, including launching Distributed Denial of Service (DDoS) attacks, installing applications without user consent, and selling proxy bandwidth. The growth of this botnet poses serious risks to users, as it can lead to unauthorized use of their devices and potential data breaches. It also raises concerns for internet service providers and businesses that may be targeted by DDoS attacks. The situation highlights the ongoing challenges in securing IoT devices and the need for users to be vigilant about their device security.

On Monday, the French national postal service, La Poste, experienced a significant disruption due to a Distributed Denial of Service (DDoS) attack. The attack caused central computer systems to go offline, impacting operations across the postal service. Pro-Russian hacker groups have claimed responsibility for the incident, raising concerns about the motivations behind such attacks amid ongoing geopolitical tensions. This incident not only disrupts postal services but also highlights the vulnerability of critical infrastructure to cyber threats. As La Poste works to restore services, this event serves as a reminder of the increasing frequency and severity of cyberattacks targeting essential services.

The French postal service, La Poste, has been facing significant disruptions due to a major DDoS (Distributed Denial of Service) attack. This incident, which occurred just before Christmas, has rendered their online services largely inaccessible, impacting both customers and businesses that rely on postal services during the holiday season. La Poste acknowledged the situation and described it as a 'major network incident.' As the postal service works to restore functionality, users may experience delays and challenges in sending and receiving packages, which is particularly concerning during this busy time of year. The attack raises important questions about the security of critical infrastructure and the potential for further disruptions in similar sectors.

The Kimwolf Android botnet has been discovered infecting over 1.8 million devices, according to security researchers at XLab. This botnet, which is linked to the previously identified Aisuru botnet, has been responsible for sending more than 1.7 billion commands for Distributed Denial of Service (DDoS) attacks. The scale of these attacks is significant, raising concerns about the potential for disruption to various online services. The fact that millions of devices are compromised highlights the ongoing vulnerability of Android systems to malware. Users should be cautious and consider securing their devices to prevent further infections and attacks.

A new botnet named Kimwolf has compromised around 1.8 million Android-based devices, including TVs, set-top boxes, and tablets. Researchers from QiAnXin XLab report that this botnet may be linked to another one known as AISURU. Kimwolf is built using the Native Development Kit (NDK), which allows attackers to control these devices and use them for large-scale distributed denial-of-service (DDoS) attacks. This incident raises concerns about the security of smart devices, as many consumers may not realize their equipment can be hijacked in this way. Users of affected devices should be vigilant and consider measures to secure their systems against such threats.

The article discusses a record-breaking DDoS attack powered by the Aisuru botnet, which peaked at 29 Tbps. Cloudflare successfully mitigated this attack, highlighting the growing severity of DDoS threats and the need for robust cybersecurity measures.

Cloudflare's Q3 2025 DDoS Threat Report highlights the unprecedented scale of a DDoS attack launched by the Aisuru botnet, reaching 29.7 Tbps. This surge in attacks indicates a growing threat landscape, particularly affecting critical sectors and emphasizing the need for enhanced cybersecurity measures.

Cloudflare has reported the largest DDoS attack ever recorded, reaching 29.7 Tbps, attributed to the AISURU botnet, which has been linked to multiple significant attacks over the past year. This incident underscores the growing threat posed by botnets and the need for robust cybersecurity measures to mitigate such high-volume attacks.

The Aisuru botnet has executed over 1,300 DDoS attacks in three months, with one attack reaching a staggering 29.7 terabits per second, setting a new record. This level of attack highlights the increasing capabilities of botnets and poses significant risks to online services and infrastructure.

This week, significant cybersecurity threats emerged as hackers exploited new 0-day vulnerabilities in Fortinet and Chrome, infiltrating supply chains and SaaS tools. The rapid response from major companies like Microsoft, Salesforce, and Google highlights the severity of these attacks and the ongoing challenges in securing trusted applications and software updates.