January 20, 2025

IoT Botnet Fuels Massive Global DDoS Attacks Targeting Organizations



A sophisticated Internet-of-Things (IoT) botnet known as AIRASHI has been detected orchestrating large-scale Distributed Denial-of-Service (DDoS) attacks targeting various global organizations, with a significant focus on Japanese corporations and international enterprises.

Discovered in late 2024, this botnet exploits vulnerable IoT devices to launch coordinated cyberattacks that have already caused substantial network disruptions across multiple sectors. Researchers have traced the botnet's command-and-control (C&C) servers, which are geographically concentrated in North America, Europe, and Asia.

The malware behind the AIRASHI botnet is derived from established threats like Mirai and Bashlite, enabling it to infiltrate devices through remote code execution vulnerabilities and weak initial passwords. Between December 2024 and January 2025, attacks were predominantly concentrated in the United States, Bahrain, and Poland, with targeted disruptions across financial, transportation, and communication sectors.

Infected device analysis revealed a concerning composition, with 80% being wireless routers and 15% IP cameras. Notably, TP-Link and Zyxel routers were the most exploited, with significant infection rates in India and South Africa. The botnet's sophisticated attack methodology includes multiple DDoS techniques such as TCP SYN Floods, UDP Floods, and GRE Floods.

The infection process occurs through three critical stages: initial infiltration via vulnerabilities, payload deployment directly into device memory, and activation by connecting to the C&C server. To evade detection, the malware employs customized User-Agent headers and manipulates firewall rules on compromised devices.

Cybersecurity experts recommend comprehensive mitigation strategies, including changing default passwords, regularly updating device firmware, limiting remote access, and segregating IoT devices into dedicated network segments. Organizations are advised to implement robust network-level defenses like firewalls, content delivery networks, and real-time traffic monitoring.

The emergence of the AIRASHI botnet underscores the growing threat landscape posed by insecure IoT ecosystems and the critical need for enhanced device security protocols across global technology infrastructures.


Anthony Denis

Anthony Denis is a Security News Reporter with a Bachelor's in Business Computer Application. Drawing from a decade of digital media marketing experience and two years of freelance writing, he brings technical expertise to cybersecurity journalism. His background in IT, content creation, and social media management enables him to deliver complex security topics with clarity and insight.
