D-Link: Mirai Botnet Growth Spurs Massive DDoS Attacks and Proxy Exploits

Botnet Surge in 2025: Record DDoS Attacks and Evolving Threats

Botnet activity reached unprecedented levels in 2025, with security researchers documenting a sharp rise in distributed denial-of-service (DDoS) attacks and advanced evasion tactics. Spamhaus reported a 26% increase in botnet command-and-control (C2) servers in the first half of the year, followed by a 24% jump in the second half, culminating in 21,425 C2 servers detected between July and December alone.

The surge is attributed to the proliferation of open-source botnet code, the expansion of poorly secured IoT devices, and the evolution of Mirai-based malware variants. First identified in 2016, Mirai remains a dominant threat, exploiting devices running ARC processors with default credentials or unpatched vulnerabilities. The public release of its source code enabled threat actors to create 116 distinct variants from over 21,000 analyzed samples, including Satori, which infected 260,000 routers in 2017 by targeting a flaw in D-Link DSL-2750B devices.

The most disruptive botnet in 2025 was Aisuru-KimWolf, a Mirai descendant responsible for record-breaking DDoS attacks, including a 31.4 terabit-per-second (Tbps) assault and a 14.1 billion packet-per-second (PPS) attack. The botnet compromised 1–4 million devices globally, with its infrastructure spanning Canada and Germany. On March 19, 2026, the U.S. Department of Justice announced coordinated disruption efforts, seizing DigitalOcean virtual servers linked to the Aisuru, KimWolf, JackSkid, and Mossad botnets. Court documents revealed over 3 million infected devices and hundreds of thousands of DDoS attacks, often accompanied by extortion demands.

Despite law enforcement action, three factors ensure that Mirai and its variants will remain a persistent threat: the commoditization of botnet tools, unpatched IoT devices, and lingering default credentials.

Source: https://cyberpress.org/mirai-botnet-drives-ddos-surge/

D-Link cybersecurity rating report: https://www.rankiteo.com/company/dlink-corp

"id": "DLI1774527833",
"linkid": "dlink-corp",
"type": "Vulnerability",
"date": "3/2026",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'location': ['Global', 'Canada', 'Germany'],
                        'type': 'IoT Devices'}],
 'attack_vector': ['Botnet', 'IoT Exploitation'],
 'date_detected': '2025',
 'date_publicly_disclosed': '2026-03-19',
 'description': 'Botnet activity reached unprecedented levels in 2025, with '
                'security researchers documenting a sharp rise in distributed '
                'denial-of-service (DDoS) attacks and advanced evasion '
                'tactics. The surge is attributed to the proliferation of '
                'open-source botnet code, the expansion of poorly secured IoT '
                'devices, and the evolution of Mirai-based malware variants. '
                'The most disruptive botnet in 2025 was Aisuru-KimWolf, '
                'responsible for record-breaking DDoS attacks, including a '
                '31.4 Tbps assault and a 14.1 billion PPS attack. The U.S. '
                'Department of Justice announced coordinated disruption '
                'efforts in March 2026, seizing infrastructure linked to '
                'multiple botnets.',
 'impact': {'operational_impact': 'Hundreds of thousands of DDoS attacks',
            'systems_affected': '1–4 million devices globally'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'The commoditization of botnet tools, unpatched IoT '
                    'devices, and persistent default credentials ensure that '
                    'Mirai and its variants will remain a persistent threat.',
 'motivation': ['Extortion', 'Disruption'],
 'post_incident_analysis': {'root_causes': ['Proliferation of open-source '
                                            'botnet code',
                                            'Poorly secured IoT devices',
                                            'Evolution of Mirai-based malware '
                                            'variants']},
 'references': [{'source': 'Spamhaus'},
                {'source': 'U.S. Department of Justice'}],
 'response': {'containment_measures': 'Seizure of DigitalOcean virtual servers',
              'law_enforcement_notified': 'Yes (U.S. Department of Justice)'},
 'threat_actor': ['Aisuru-KimWolf', 'Satori', 'JackSkid', 'Mossad'],
 'title': 'Botnet Surge in 2025: Record DDoS Attacks and Evolving Threats',
 'type': 'DDoS Attack',
 'vulnerability_exploited': ['Default credentials',
                             'Unpatched vulnerabilities',
                             'ARC processor flaws']}