TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Krebs on Security

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

BrianKrebs · 6 days ago · Read original ↗

ATT&CK techniques detected

14 predictions
T1498Network Denial of Service
92%
"anti - ddos firm heaped attacks on brazilian isps a brazilian tech firm that specializes in protecting networks from distributed denial - of - service ( ddos ) attacks has been enabling a botnet responsible for an extended campaign of massive ddos attacks against other network op…"
T1584.005Botnet
77%
"party network forensics firm to investigate further. “ our working assessment so far is that this all started with a single internal compromise — one pivot point that gave the attacker downstream access to some resources, including a legacy personal droplet of mine, ” he wrote. “…"
T1498Network Denial of Service
75%
"networks, a brazilian isp that primarily offers ddos protection to other brazilian network operators. founded in miami, fla. in 2014, huge networks ’ s operations are centered in brazil. the company originated from protecting game servers against ddos attacks and evolved into an …"
T1071.004DNS
71%
"spoofed dns queries to these servers so that the request appears to come from the target ’ s network. that way, when the dns servers respond, they reply to the spoofed ( targeted ) address. by taking advantage of an extension to the dns protocol that enables large dns messages, b…"
T1498.001Direct Network Flood
71%
"anti - ddos firm heaped attacks on brazilian isps a brazilian tech firm that specializes in protecting networks from distributed denial - of - service ( ddos ) attacks has been enabling a botnet responsible for an extended campaign of massive ddos attacks against other network op…"
T1584.005Botnet
58%
"##net seeks out tp - link devices that remain vulnerable to cve - 2023 - 1389, an unauthenticated command injection vulnerability that was patched back in april 2023. malicious domains in the exposed python attack scripts included dns lookups for hikylover [. ] st, and c. loyalty…"
T1498Network Denial of Service
57%
"##igation firm that was using the botnet to attack gaming servers and scare up new clients. in may 2025, krebsonsecurity was hit by another mirai - based ddos that google called the largest attack it had ever mitigated. that report implicated a 20 - something brazilian man who wa…"
T1584.002DNS Server
46%
"spoofed dns queries to these servers so that the request appears to come from the target ’ s network. that way, when the dns servers respond, they reply to the spoofed ( targeted ) address. by taking advantage of an extension to the dns protocol that enables large dns messages, b…"
T1498.001Direct Network Flood
42%
"##igation firm that was using the botnet to attack gaming servers and scare up new clients. in may 2025, krebsonsecurity was hit by another mirai - based ddos that google called the largest attack it had ever mitigated. that report implicated a 20 - something brazilian man who wa…"
T1583.002DNS Server
42%
"networks, a brazilian isp that primarily offers ddos protection to other brazilian network operators. founded in miami, fla. in 2014, huge networks ’ s operations are centered in brazil. the company originated from protecting game servers against ddos attacks and evolved into an …"
T1499Endpoint Denial of Service
41%
"anti - ddos firm heaped attacks on brazilian isps a brazilian tech firm that specializes in protecting networks from distributed denial - of - service ( ddos ) attacks has been enabling a botnet responsible for an extended campaign of massive ddos attacks against other network op…"
T1584.002DNS Server
34%
"networks, a brazilian isp that primarily offers ddos protection to other brazilian network operators. founded in miami, fla. in 2014, huge networks ’ s operations are centered in brazil. the company originated from protecting game servers against ddos attacks and evolved into an …"
T1583.005Botnet
32%
"party network forensics firm to investigate further. “ our working assessment so far is that this all started with a single internal compromise — one pivot point that gave the attacker downstream access to some resources, including a legacy personal droplet of mine, ” he wrote. “…"
T1557.001Name Resolution Poisoning and SMB Relay
31%
"networks, a brazilian isp that primarily offers ddos protection to other brazilian network operators. founded in miami, fla. in 2014, huge networks ’ s operations are centered in brazil. the company originated from protecting game servers against ddos attacks and evolved into an …"

Summary

A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm's chief executive says the malicious activity resulted from a security breach and was likely the work of a competitor trying to tarnish his company's public image.