According to Nokia, the botnet is estimated to include around 30,000 webcams and video recorders, with 24.4% of the compromised devices located in the U.S. While not the largest botnet, Eleven11bot caused a distributed denial of service (DDoS) attack that peaked at 6.5 Tbps, surpassing the previous record of 5.6 Tbps set in January 2025, according to Cloudflare.
Eleven11bot botnet launched the largest DDoS attack ever recorded
Nokia's Deepfield Emergency Response Team discovered Eleven11bot after a series of distributed IP addresses launched "mega-attacks" in late February. Unlike traditional DDoS attacks, Eleven11bot's attacks flooded networks with massive amounts of data, causing disruptions lasting up to a week for telecommunications service providers and gaming hosting infrastructure.
Nokia security researcher Jérôme Meyer said that most of the IP addresses involved in these attacks had not previously been linked to DDoS activity, which makes the emergence of Eleven11bot particularly worrying. He also noted that the last comparable botnet of this size was discovered in 2022, shortly after the Russia-Ukraine conflict, with around 60,000 infected devices.
“This botnet is much larger than what we typically see in DDoS attacks,” Meyer said. “The attack intensity varies widely, from a few hundred thousand to a few hundred million packets per second.”
Is Nokia's estimate accurate?
While Nokia estimates the botnet to be around 30,000 devices, the nonprofit Shadowserver Foundation has revised that number up to more than 86,000. Security firm GreyNoise, on the other hand, has put the estimate much lower, at just under 5,000 devices, with 61 percent of the IP activity originating from Iran. Meyer suggests that Shadowserver’s figure may be too high due to the way infected devices are identified.
GreyNoise researchers believe Eleven11bot is a new variant of Mirai, a popular malware from 2016 that often infects Internet of Things (IoT) devices by exploiting default credentials or software vulnerabilities. They say Eleven11bot used a new vulnerability to infiltrate the Shenzhen TVT-NVMS 9000 digital video recorder.
To protect against Eleven11bot and other botnets, experts recommend users place IoT devices behind firewalls, disable remote administration when not needed, use strong and unique passwords, and regularly update firmware to patch vulnerabilities that botnets can exploit.
Source: https://thanhnien.vn/nokia-phat-hien-cuoc-tan-cong-ddos-lon-chua-tung-thay-185250307151845521.htm