FBI takes down major botnet but accidentally frees 95,000 devices

Hackers took over the very same hacked devices the FBI had just cleaned out. What was supposed to be a federal win turned into a feeding frenzy, where criminals moved fast to grab nearly 95,000 devices the agency had unintentionally freed.

This happened right after the FBI took down a botnet responsible for some of the worst cyberattacks ever recorded. According to The Wall Street Journal, that takedown opened the floodgates.

The devices, which were previously part of an illegal botnet, got hijacked again almost instantly. A rival botnet crew called Aisuru jumped on the opportunity.

They grabbed more than a quarter of the freed machines and started launching high-speed attacks that, according to Damian Menscher, a Google security engineer, are already breaking records. “It became a race to take them over as fast as possible,” Damian said.

Aisuru floods the internet with world-record DDoS attacks

On September 1, Cloudflare reported it had recorded the biggest DDoS attack ever seen. The attack pushed out 11.5 trillion bits per second of garbage traffic. That’s enough to kill the download speed of over 50,000 home internet connections in one hit.

Cloudflare posted about it on X, calling it a “world record” in intensity. Network operators say this was just one of many similar attacks in recent weeks. The attacks were short but massive—some only lasted seconds, likely just tests of the botnet’s full power.

The real danger is what these botnets are made of. Aisuru doesn’t use computers—it uses routers, smart TVs, and security cameras. Devices people forget, leave online, and rarely update. Once they’re hijacked, they become part of the army.

And once they’re part of a botnet, they’re locked in, only one botnet at a time. When the FBI removed the old malware, that opened the door for Aisuru to swoop in.

This comes right after prosecutors in August charged a 22-year-old man from Oregon for running a botnet that knocked X offline earlier this year. That attack showed how vulnerable even big platforms are to these kinds of cyberweapons. But what’s coming next looks a lot worse.

New botnets move from fraud to cyberwar

These aren’t just tech nuisances anymore. The new generation of botnets is being built using faster devices with stronger bandwidth, giving them far more muscle. Some experts say these networks can now be used to knock out internet access across entire countries.

Craig Labovitz, head of tech at Nokia’s Deepfield division, put it simply: “Before the concern was websites; now the concern is countries.” It’s already happened. The UK said Russia’s GRU launched DDoS attacks on Ukraine’s banks in 2022, just before its military invasion.

Now, criminal networks seem to be following that same playbook, but on a global scale. One network that Google killed earlier this year had grown from 74,000 Android TV devices in 2023 to over 10 million in just two years.

That made it the biggest known botnet made of smart TVs. Google said it was used to click billions of ads in a massive fraud scheme, but warned it could just as easily be turned into a weapon, either for ransomware or internet takedowns.

Meanwhile, another botnet called ResHydra is growing even bigger. Built from tens of millions of devices, ResHydra started with basic fraud but has now begun launching online attacks. Chris Formosa, a researcher at Lumen’s Black Lotus Labs, said that controlling a network of that size would let someone “do extreme damage to a country.”

Until now, only big cloud services like Google Cloud and Amazon Web Services have been able to block most of these attacks. But even those defenses could fall if botnets like Aisuru or ResHydra get stronger or combine forces.

Want your project in front of crypto’s top minds? Feature it in our next industry report, where data meets impact.