FBI releases malware free botnets only to be taken again by hackers, after


In a significant move, the FBI recently announced the release of over 95,000 devices that had previously been compromised by botnets. These devices, once under the control of malicious actors, were cleansed of malware and returned to normal operation. However, the relief was short-lived. Within a matter of weeks, nearly a quarter of these devices were reinfected, with cybercriminals leveraging them for further malicious activity, including ransomware distribution and Distributed Denial of Service (DDoS) attacks.

What Are Botnets?

To understand the implications of this incident, it’s essential to first grasp the concept of botnets. A botnet is a network of internet-connected devices—such as smart TVs, routers, CCTV cameras, and even household appliances—that have been infected with malicious software (malware). Once compromised, these devices are controlled remotely by cybercriminals, who can use them for various illicit purposes. Typically, hackers either lease or commandeer these botnets to carry out DDoS attacks, or in some cases, to deploy ransomware or steal sensitive data.

The Mechanism of DDoS Attacks

A DDoS attack is essentially a flood of malicious internet traffic directed at a specific web server. The aim is to overwhelm the target with so much traffic that it becomes inaccessible to legitimate users. This tactic is used to disrupt services, cause downtime, and damage the reputation of organizations. A compromised botnet, with its large number of devices, can generate millions or even billions of requests in a short period, making it a powerful weapon for cybercriminals.

The Aisuru Group and the Return of the DDoS Attacks

The group behind this most recent wave of attacks is believed to be Aisuru, a notorious hacking collective known for its use of botnets in large-scale cyberattacks. After the FBI’s efforts to rid the internet of these infected devices, around 25% of the 95,000 units were once again hijacked by the Aisuru group. These devices were then used to launch one of the largest DDoS attacks ever recorded.

On September 1st, 2025, this attack reached a staggering 11.5 trillion packets per second, setting a new record for DDoS traffic intensity. According to Cloudflare, a leading cloud-based network service provider, the scale of this attack was so massive that it had the potential to degrade the performance of over 50,000 home routers simultaneously. This highlights the sheer power of botnets and their growing capacity to disrupt not just individual systems but entire infrastructures.

The Global Risk: Beyond Websites and Servers

While DDoS attacks have traditionally targeted websites and hosting servers, their scope has evolved. As Craig Labovitz, the Chief Technology Officer at Nokia Deepfield, points out, botnets are increasingly being used to attack critical infrastructure, such as national grids, transportation systems, and government networks. This shift in tactics has raised alarms worldwide, as it signals a dangerous new frontier in cyber warfare. A botnet’s ability to infiltrate vital systems puts entire nations at risk of instability, both digitally and physically.

Cyber Warfare: A New Digital Battlefield

A prime example of this growing threat is the case of Russia’s cyberattack on Ukraine’s banking systems in March 2022. This attack, which was part of a broader military invasion, was widely regarded as a “digital assault” on Ukraine’s sovereignty. However, the tides seem to be turning in the ongoing cyber conflict. Ukraine, leveraging its own cyber capabilities, has launched several counterattacks using botnets. These attacks have successfully disrupted the operations of a Russian nuclear power plant, which had been providing electricity to parts of Russia during the conflict.

This marks a new chapter in the digital age of warfare, where nations use cyberattacks not only to target military assets but also to disrupt critical infrastructure that could have severe economic and social repercussions.

The Growing Threat of Botnets in National Security

The intersection of cybercrime and national security is becoming increasingly blurred. Botnets, once thought of primarily as tools for cybercriminals to make money through attacks like ransomware, are now seen as weapons of war. The consequences of botnet-driven attacks could be far-reaching, affecting everything from a nation’s financial stability to its energy security.

As cybercrime groups like Aisuru continue to refine their tactics and expand their operations, the international community must remain vigilant. Governments and organizations must invest in better cybersecurity infrastructure, improve detection and prevention systems, and collaborate to combat the ever-evolving botnet threat.

Conclusion

The FBI’s release of 95,000 compromised devices was intended to be a major step toward securing the internet, but the rapid reinfection of these devices by cybercriminals demonstrates the ongoing vulnerability of the global digital ecosystem. As botnets continue to evolve and grow in power, their potential for harm becomes ever more significant, not just for individual users, but for entire nations. The digital battlefield is only getting more complex, and the stakes are higher than ever.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
