Jérôme Meyer
@jmeyer.infosec.exchange.ap.brid.gy
Security research at Nokia Deepfield (he/they).
EN/FR posts | Fan of Crocker’s Rules, art, and the Oxford comma.
[bridged from https://infosec.exchange/@jmeyer on the fediverse by https://fed.brid.gy/ ]
EN/FR posts | Fan of Crocker’s Rules, art, and the Oxford comma.
[bridged from https://infosec.exchange/@jmeyer on the fediverse by https://fed.brid.gy/ ]
Reposted by Jérôme Meyer
Been working on an important series of follow-up stories about the evolution of the Aisuru botnet, an Internet-of-Things (IoT) botnet that's been blamed for successive record-smashing DDoS attacks in recent months. Meanwhile, the people who have controlled Aisuru for some time recently insisted […]
Original post on infosec.exchange
infosec.exchange
December 16, 2025 at 6:02 PM
Been working on an important series of follow-up stories about the evolution of the Aisuru botnet, an Internet-of-Things (IoT) botnet that's been blamed for successive record-smashing DDoS attacks in recent months. Meanwhile, the people who have controlled Aisuru for some time recently insisted […]
The #kimwolf botnet roughly doubled its size in a week: https://x.com/xlab_qax/status/1997858921873342838?s=46
December 8, 2025 at 7:17 AM
The #kimwolf botnet roughly doubled its size in a week: https://x.com/xlab_qax/status/1997858921873342838?s=46
Reposted by Jérôme Meyer
New from @greynoise Labs: IP Check — a free tool to see if the network you're on has been compromised.
Residential proxy networks & IoT botnets are turning home & small biz connections into attack infrastructure. Most folks have no idea it's happening.
Visit check.labs.greynoise.io from any […]
Residential proxy networks & IoT botnets are turning home & small biz connections into attack infrastructure. Most folks have no idea it's happening.
Visit check.labs.greynoise.io from any […]
Original post on mastodon.social
mastodon.social
November 25, 2025 at 8:09 PM
New from @greynoise Labs: IP Check — a free tool to see if the network you're on has been compromised.
Residential proxy networks & IoT botnets are turning home & small biz connections into attack infrastructure. Most folks have no idea it's happening.
Visit check.labs.greynoise.io from any […]
Residential proxy networks & IoT botnets are turning home & small biz connections into attack infrastructure. Most folks have no idea it's happening.
Visit check.labs.greynoise.io from any […]
Reposted by Jérôme Meyer
New, by me: Is your Android TV streaming box part of a botnet?
"On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and […]
[Original post on infosec.exchange]
"On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and […]
[Original post on infosec.exchange]
November 24, 2025 at 7:13 PM
New, by me: Is your Android TV streaming box part of a botnet?
"On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and […]
[Original post on infosec.exchange]
"On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and […]
[Original post on infosec.exchange]
Good job everyone, we solved the DDoS-for-hire problem!
November 18, 2025 at 1:38 PM
Good job everyone, we solved the DDoS-for-hire problem!
Reposted by Jérôme Meyer
This commentary by Lawrence Stowe nails it on why sanctioning bulletproof hosting providers doesn't work unless you also revoke their network resources at the same time (or preferably before sanctions are announced/leaked) […]
Original post on infosec.exchange
infosec.exchange
November 7, 2025 at 4:59 PM
This commentary by Lawrence Stowe nails it on why sanctioning bulletproof hosting providers doesn't work unless you also revoke their network resources at the same time (or preferably before sanctions are announced/leaked) […]
Reposted by Jérôme Meyer
New, by me: Aisuru Botnet Shifts from DDoS to Residential Proxies
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and […]
[Original post on infosec.exchange]
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and […]
[Original post on infosec.exchange]
October 29, 2025 at 2:57 AM
New, by me: Aisuru Botnet Shifts from DDoS to Residential Proxies
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and […]
[Original post on infosec.exchange]
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and […]
[Original post on infosec.exchange]
My latest on the Nokia blog: why we (collectively) need to do more on outbound DDoS suppression, and build more resilient networks (and, yes, avoid further centralization of internet traffic).
The attack peak values we’ve been seeing these past couple of months (particularly from #aisuru) now […]
The attack peak values we’ve been seeing these past couple of months (particularly from #aisuru) now […]
Original post on infosec.exchange
infosec.exchange
October 23, 2025 at 12:26 PM
My latest on the Nokia blog: why we (collectively) need to do more on outbound DDoS suppression, and build more resilient networks (and, yes, avoid further centralization of internet traffic).
The attack peak values we’ve been seeing these past couple of months (particularly from #aisuru) now […]
The attack peak values we’ve been seeing these past couple of months (particularly from #aisuru) now […]
Tallinn fall
October 12, 2025 at 3:43 PM
Tallinn fall
Reposted by Jérôme Meyer
New, by me: DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast […]
[Original post on infosec.exchange]
The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast […]
[Original post on infosec.exchange]
October 10, 2025 at 4:43 PM
New, by me: DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast […]
[Original post on infosec.exchange]
The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast […]
[Original post on infosec.exchange]
Cloudflare now seeing yet-another record, at >22 Tbps. Only 40 seconds so quite likely to be a power proof / marketing material for the #DDoS-for-hire service operators; but we have a serious botnet centralization issue on our hands.
https://x.com/Cloudflare/status/1970244046946759024 […]
https://x.com/Cloudflare/status/1970244046946759024 […]
Original post on infosec.exchange
infosec.exchange
September 23, 2025 at 3:39 AM
Cloudflare now seeing yet-another record, at >22 Tbps. Only 40 seconds so quite likely to be a power proof / marketing material for the #DDoS-for-hire service operators; but we have a serious botnet centralization issue on our hands.
https://x.com/Cloudflare/status/1970244046946759024 […]
https://x.com/Cloudflare/status/1970244046946759024 […]
#rapperbot is no more: https://www.justice.gov/usao-ak/pr/oregon-man-charged-administering-rapper-bot-ddos-hire-botnet
(I had been wondering why the C2 nodes were being rude to our tracking clients since August 6. Now I know!)
(I had been wondering why the C2 nodes were being rude to our tracking clients since August 6. Now I know!)
Oregon man charged with administering “Rapper Bot” DDoS-for-hire Botnet
ANCHORAGE, Alaska – An Oregon man was charged by a federal criminal complaint today in the District of Alaska on charges related to his alleged development and administration of the “Rapper Bot” DDoS-for-hire Botnet that has conducted large-scale cyber-attacks since at least 2021.
www.justice.gov
August 19, 2025 at 7:35 PM
#rapperbot is no more: https://www.justice.gov/usao-ak/pr/oregon-man-charged-administering-rapper-bot-ddos-hire-botnet
(I had been wondering why the C2 nodes were being rude to our tracking clients since August 6. Now I know!)
(I had been wondering why the C2 nodes were being rude to our tracking clients since August 6. Now I know!)
Reposted by Jérôme Meyer
July 3, 2025 at 6:56 AM
Supposed to be enjoying a week off skiing, but the X DDoS-related outage brought me back a bit.
Hint: that attack has been botnet-driven.
Hint: that attack has been botnet-driven.
March 10, 2025 at 8:50 PM
Supposed to be enjoying a week off skiing, but the X DDoS-related outage brought me back a bit.
Hint: that attack has been botnet-driven.
Hint: that attack has been botnet-driven.