Cloudflare Cuts Aisuru Botnet Ranks by Filtering Queries (40 chars)
Summary
The security landscape experienced a temporary anomaly in early October when the massive Aisuru botnet, composed of hundreds of thousands of compromised IoT devices debuting in 2024, briefly dominated Cloudflare’s public domain rankings 1. This distortion occurred because the threat actor controlling Aisuru migrated infected systems from Google DNS (8.8.8.8) to Cloudflare DNS (1.1.1.1) 1. This massive influx caused control domains to flood Cloudflare’s measurement system, which tracks the volume of 1.1.1.1 queries, potentially skewing reputation metrics 1. Building on this infrastructure dependency issue, Cloudflare CEO Matthew Prince confirmed the scale of the activity, noting the botnet was capable of DDoS attacks approaching 30 terabits per second 1. In response to malicious domains outranking giants like Amazon and Google for a week, Cloudflare scrubbed the Aisuru domains from its top list 1. Cloudflare appended a note clarifying that the rankings reflected both emerging malicious behavior and standard organic traffic, highlighting the fragility of infrastructure-dependent metrics 1.
Key Moments
-
The massive Aisuru botnet, composed of hundreds of thousands of hacked IoT devices that debuted in 2024, temporarily dominated Cloudflare’s public domain rankings in early October.
— Article [1] -
The botnet, capable of launching DDoS attacks approaching 30 terabits per second, shifted infected systems from Google DNS (8.8.8.8) to Cloudflare DNS (1.1.1.1).
— Article [1] -
Cloudflare ultimately scrubbed the Aisuru botnet domains from their top domains list after they occupied top positions for a week.
— Article [1] -
Cloudflare appended a note acknowledging the rankings reflected both emerging malicious behavior and standard organic activity.
— Article [1]
Different Perspectives
Supporting View
Cloudflare CEO Matthew Prince confirmed the issue, indicating the measurement system tracks query volume to 1.1.1.1, which the botnet migration overloaded.