incident • high • DDoS • IoT Compromise • Eleven11bot

Feb 28, 2025 • GreyNoise Blog

New DDoS Botnet Discovered: Over 30,000 Hacked Devices, Majority of Observed Activity Traced to Iran

Source: GreyNoise Blog
Category: incident
Severity: high

Executive Summary

Nokia Deepfield's Emergency Response Team has identified a new global botnet designated as Eleven11bot. This malicious network has rapidly expanded, compromising over 30,000 internet-connected devices, specifically targeting security cameras and network video recorders. The primary function of this botnet is to launch powerful distributed denial-of-service attacks. While specific threat actor groups remain unnamed, the majority of observed malicious activity has been traced back to Iran, suggesting a potential geographic origin for the command and control infrastructure. The scale of infection poses a significant risk to network availability and stability for targeted organizations globally. Security teams should prioritize auditing exposed IoT devices, enforcing strong authentication protocols, and monitoring network traffic for anomalous outbound connections. Owners of affected hardware must immediately apply firmware updates and change default credentials to mitigate potential infections and prevent participation in downstream distributed denial-of-service attacks launched by this expanding botnet infrastructure.

Summary

A newly discovered global cyber threat is rapidly expanding, infecting tens of thousands of internet-connected devices to launch powerful cyberattacks. Nokia Deepfield’s Emergency Response Team (ERT) has identified a new botnet, tracked as Eleven11bot, which they estimated has compromised over 30,000 devices, primarily security cameras and network video recorders (NVRs).

Linked Entities

  • Eleven11bot