KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS (krebsonsecurity.com) 16

Posted by BeauHD on Tuesday May 20, 2025 @08:02PM from the under-attack dept.

KrebsOnSecurity was hit with a near-record 6.3 Tbps DDoS attack, believed to be a test of the powerful new Aisuru IoT botnet. The attack, lasting under a minute, was the largest Google has ever mitigated and is linked to a DDoS-for-hire operation run by a 21-year-old Brazilian known as "Forky." Brian Krebs writes: [Google Security Engineer Damian Menscher] said the attack on KrebsOnSecurity lasted less than a minute, hurling large UDP data packets at random ports at a rate of approximately 585 million data packets per second. "It was the type of attack normally designed to overwhelm network links," Menscher said, referring to the throughput connections between and among various Internet service providers (ISPs). "For most companies, this size of attack would kill them." [...]

The 6.3 Tbps attack last week caused no visible disruption to this site, in part because it was so brief -- lasting approximately 45 seconds. DDoS attacks of such magnitude and brevity typically are produced when botnet operators wish to test or demonstrate their firepower for the benefit of potential buyers. Indeed, Google's Menscher said it is likely that both the May 12 attack and the slightly larger 6.5 Tbps attack against Cloudflare last month were simply tests of the same botnet's capabilities. In many ways, the threat posed by the Aisuru/Airashi botnet is reminiscent of Mirai, an innovative IoT malware strain that emerged in the summer of 2016 and successfully out-competed virtually all other IoT malware strains in existence at the time.

This discussion has been archived. No new comments can be posted.

KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

Load All Comments

Search 16 Comments Log In/Create an Account

Comments Filter:

-->

Time to classify this as terrorism (Score:4, Insightful)

by gweihir ( 88907 ) writes: on Tuesday May 20, 2025 @08:29PM (#65391949)

And invest appropriate effort into finding these cretins ...

- Re: Time to classify this as terrorism (Score:3)
  
  by NagrothAgain ( 4130865 ) writes:
  
  they know who it is, read the summary.
- - Re: (Score:2, Informative)
    
    by Anonymous Coward writes:
    
    Krebs is not based in Russia. Kaspersky is.
    - Re: Time to classify this as terrorism (Score:3)
      
      by Midnight_Falcon ( 2432802 ) writes:
      
      If Krebs was based on Russia, he'd be in the Gulag by now...maybe Black Dolphin prison. He's a thorn in the side of Russian hackers, exposing their methods, forums and identities publicly. Those hackers bring in tons of money from ransomware and scams, some of which ends up in Putin's slush fund. Chances are if Krebs visited Russia (which he definitely is not stupid enough to do) he'd be locked up for a prisoner exchange like Evan Gerskovich.
  - Re: (Score:2, Informative)
    
    by Anonymous Coward writes:
    
    Come on man. Literally the only thing they have in common is that their names start with a K.
    Don't be so lazy.
  - Re:Time to classify this as terrorism (Score:5, Informative)
    
    by divide overflow ( 599608 ) writes: on Tuesday May 20, 2025 @09:29PM (#65392019)
    
    Wrong. Brian Krebs lives with his wife Jennifer in Northern Virginia as it says on the About the Author [krebsonsecurity.com] page on his website.
    
  - Re: (Score:3)
    
    by sg_oneill ( 159032 ) writes:
    
    No he doesn't. Don't just make shit up. And if he was "beholden to putin" , he'd have fallen out a window long ago for constantly exposing russian hacking and disinfo plots.
  - Re: (Score:2)
    
    by gweihir ( 88907 ) writes:
    
    Nice hallucination you have there. Krebs is based in Arlington, VA, US.
    A 30 second effort with Google would have saved you from pushing a blatant, direct lie. But apparently you had zero interest in being truthful.
- Re: What's next? (Score:2)
  
  by vbdasc ( 146051 ) writes:
  
  And that new computer will be with Windows, I suppose? Global security will flourish.
  Even the summary clearly says that the culprit was an IoT botnet. But some people apparently can't read or understand written text. Or are too lazy to read, at least.
Great test (Score:4, Informative)

by viperidaenz ( 2515578 ) writes: on Tuesday May 20, 2025 @11:15PM (#65392159)

They showed the world that their botnet is not capable of hurting any site with Google or Cloudflare ddos protection. That the target doesn't even notice something happened until they hear about it in the news.

Why Advertise It? (Score:2)

by WankerWeasel ( 875277 ) writes:

The article says this is likely them showing off for potential buyers. If that's the case, seems silly to publicize it. Should just ignore it so the buyer sees it wasn't even noteworthy. Instead, they build it up even more and make it more appealing than ever for the buyer.
Forky? Really? (Score:2)

by Wokan ( 14062 ) writes:

How do you take a criminal seriously if their name comes from one of the later cash-grab Toy Story movies?

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS (krebsonsecurity.com) 16

KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS More Login

KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

Time to classify this as terrorism (Score:4, Insightful)

Re: Time to classify this as terrorism (Score:3)

Re: (Score:2, Informative)

Re: Time to classify this as terrorism (Score:3)

Re: (Score:2, Informative)

Re:Time to classify this as terrorism (Score:5, Informative)

Re: (Score:3)

Re: (Score:2)

Re: What's next? (Score:2)

Great test (Score:4, Informative)

Why Advertise It? (Score:2)

Forky? Really? (Score:2)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot