A new botnet called Eleven11bot has compromised over 86,000 IoT devices, mainly security cameras and network video recorders (NVRs), to launch powerful DDoS attacks.
First identified by Nokia researchers and reported to GreyNoise, the botnet has already targeted telecom providers and online gaming servers, with some attacks lasting for days and reaching hundreds of millions of packets per second.
GreyNoise and Censys have tracked 1,400 IPs associated with Eleven11bot, with 96% coming from real devices rather than spoofed addresses, and a significant number originating from Iran.
The malware spreads by brute-forcing weak or default admin credentials and scanning for exposed Telnet and SSH ports, allowing it to rapidly expand across vulnerable devices.
The Shadowserver Foundation confirmed that most infected devices are located in the United States, the United Kingdom, Mexico, Canada, and Australia.
Defenders are advised to block the known malicious IPs associated with the botnet and monitor for unauthorized login attempts.
To protect IoT devices, users should update firmware, disable unnecessary remote access, and replace devices that have reached end-of-life support.
With its rapid growth and massive attack power, Eleven11bot is one of the largest botnet campaigns observed since early 2022.
Logging you in...
Loading IntenseDebate Comments...