A new Internet of Things (IoT) botnet, dubbed ‘Aisuru,’ has been linked to record-breaking distributed denial-of-service (DDoS) attacks exceeding 20 terabits per second (Tbps), according to a new report from Netscout.
Aisuru is related to “TurboMirai” malware, a general class of Mirai-variant DDoS botnets capable of generating multi-Tb/sec and multi-Gpps direct-path DDoS attacks. However, Netscout researchers note that the botnet’s lack of spoofing functionality makes it more vulnerable to mitigation and cleanup efforts.
Operating as a DDoS-for-hire service, Aisuru has primarily targeted online gaming platforms, avoiding government, military, and law enforcement networks. The botnet is made up largely of consumer-grade IoT devices such as home routers, CCTV cameras, and DVR systems running similar OEM firmware.
Netscout says that Aisuru retains Mirai’s UDP, TCP, GRE, and DNS flood capabilities, but adds enhanced attack methods such as carpet-bombing, pseudo-random port targeting, and application-layer HTTP floods. The malware can execute both high-bandwidth and high-throughput attacks that can overwhelm services through direct and cross-network vectors.
Unlike older botnets, Aisuru’s nodes operate within broadband networks that enforce source-address validation (SAV), preventing traffic spoofing.
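For defenders, carpet-bombing spreads traffic across many addresses in a prefix so that no single host crosses a per-host alarm, and non-spoofed traffic means the observed source addresses are the real bots. The sketch below is an added example, not code from Netscout's report: it aggregates flow records per destination /24 and lists the heaviest sources, with the flow tuple layout, the thresholds and the sample data all being assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumed thresholds for one measurement window; tune per network.
PER_HOST_ALERT = 1_000_000    # bytes to one destination IP that a per-host rule would flag
PREFIX_ALERT = 20_000_000     # bytes to one destination prefix for the aggregate rule
MIN_HOSTS = 32                # distinct destination IPs hit inside the prefix

def find_carpet_bombing(flows, prefix_len=24):
    """flows: iterable of (src_ip, dst_ip, dst_port, byte_count) for one window."""
    per_host = defaultdict(Counter)   # prefix -> bytes per destination IP
    ports = defaultdict(set)          # prefix -> destination ports seen
    sources = defaultdict(Counter)    # prefix -> bytes per source IP
    for src, dst, dport, nbytes in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        per_host[net][dst] += nbytes
        ports[net].add(dport)
        sources[net][src] += nbytes
    findings = []
    for net, hosts in per_host.items():
        total = sum(hosts.values())
        if total < PREFIX_ALERT or len(hosts) < MIN_HOSTS:
            continue  # not enough volume, or too concentrated to be carpet-bombing
        findings.append({
            "prefix": str(net),
            "total_bytes": total,
            "hosts_hit": len(hosts),
            "hosts_over_per_host_alert": sum(1 for b in hosts.values() if b >= PER_HOST_ALERT),
            "distinct_ports": len(ports[net]),
            "top_sources": [ip for ip, _ in sources[net].most_common(3)],
        })
    return findings

def constructed_flows():
    """Constructed sample: 40 sources spread traffic over 200 hosts in 203.0.113.0/24,
    plus one ordinary flow to 198.51.100.10."""
    flows = []
    for i in range(4000):
        src = f"192.0.2.{1 + i % 40}"
        dst = f"203.0.113.{1 + i % 200}"
        dport = 1024 + (i * 7919) % 50000   # stand-in for pseudo-random port targeting
        flows.append((src, dst, dport, 9000))
    flows.append(("192.0.2.200", "198.51.100.10", 443, 500_000))
    return flows

if __name__ == "__main__":
    for finding in find_carpet_bombing(constructed_flows()):
        print(finding)
```

On the constructed data no destination host reaches the per-host threshold, yet the /24 as a whole is flagged, which is the gap that per-prefix aggregation closes.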