Draft:Aisuru

Submission declined on 1 November 2025 by Theroadislong (talk).

This draft's references do not show that the subject qualifies for a Wikipedia article. In summary, the draft needs multiple published sources that are:

in-depth (not just passing mentions about the subject)
reliable
secondary
independent of the subject

Make sure you add references that meet these criteria before resubmitting. Learn about mistakes to avoid when addressing this issue. If no additional references exist, the subject is not suitable for Wikipedia.

If you would like to continue working on the submission, click on the "Edit" tab at the top of the window.
If you have not resolved the issues listed above, your draft will be declined again and potentially deleted.
If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors.
Please do not remove reviewer comments or this notice until the submission is accepted.

Where to get help

If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews.
If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed.

How to improve a draft

Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia.
Help:Wikitext – how to use the markup
Help:Referencing for beginners – how to include references
Wikipedia:Article development – how to develop your article
Wikipedia:Writing better articles – how to improve your article
Wikipedia:Verifiability – make sure your article includes reliable third-party sources

You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article.

Improving your odds of a speedy review

To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags.

Add tags to your draft

Editor resources

Easy tools: Citation bot (help) | Advanced: Fix bare URLs

Declined by Theroadislong 26 days ago. Last edited by Theroadislong 26 days ago. Reviewer: Inform author.

Resubmit

Please note that if the issues are not fixed, the draft will be declined again.

Aisuru (aka NAKOTNE^[1]) is a botnet powered by hacked internet-connected devices. Most of the devices are consumer-grade routers, security cameras, and digital video recorders.

The botnet has been used to perform distributed denial of service attacks on video game servers as well as the news blog of journalist Brian Krebs. It is capable of directing over 11 Tbps of internet traffic at its targets.

The operators of the botnet rent access to the network of compromised devices selling attack capabilities of up to 2 Tbps, but forbid targeting healthcare facilities, schools, or government resources. These services are advertised on multiple public Telegram channels.

Capabilities

In addition to high-bandwidth attacks, the botnet is capable of flooding networks with high-throughput attacks. These attacks consist of sending a huge number of small packets per second (pps) which can quickly overwhelm the routers and layer 3 switches of victim networks. The botnet reportedly can direct over 4 billion packets per second (pps) at its victims.^[2]

In October of 2025, the operators of the botnet added functionality to their malware which would allow the infected devices to be used as residential proxies in addition to the existing DDoS features. As a proxy, the infected devices could be used by cybercriminals to masquerade as normal internet users, masking their location and evading detection by cybersecurity products.^[3]

Attacks

May 2025: KrebsOnSecurity

On May 12, 2025 krebsonsecurity.com, the cybersecurity blog published by Brian Krebs was attacked by the botnet. The attack traffic peaked at 6.35 Tbps and was the largest DDoS Project Shield, which protects the blog, had ever mitigated.^[4]

Oct 2025: TCPShield

On October 8, 2025 a DDoS protection service based in Australia named TCPShield came under attack by Aisuru. The botnet hit TCPShield with over 15 Tbps of traffic. The attack caused OVH, a cloud provider, to drop TCPShield as a customer after the attack affected other OVH customers.^[5]

Spreading Methods

The botnet spreads by compromising publicly-accessible devices which have security vulnerabilities.

Vulnerability	Affected vendor	Affected devices
CVE-2013-1599	D-Link	DCS-3411 firmware
CVE-2013-3307	Linksys	Linksys X3000
CVE-2013-5948	T-Mobile	Tm-Ac1900
CVE-2017-5259	Cambium Networks	cnPilot R190V firmware
CVE-2022-44149	Nexxt	Amp300 (router)
CVE-2023-28771	Zyxel	Zyxel ATP; Zyxel USG FLEX; Zyxel VPN; Zyxel ZyWALL/USG
CVE-2023-50381	Realtek	rtl819x Jungle SDK v3.4.11
CVE-2022-35733	UNIMO	UDR-JA1004 / JA1008 / JA101 DVRs
CVE-2024-3721	TBK	DVR

In April 2025, the botnet operators compromised the update server for router manufacturer TOTOLINK and uploaded a malicious update. When TOTOLINK devices checked for firmware updates, they downloaded and installed the infected firmware.^[6]

Evasion Techniques

When starting up, the malware attempts to detect if it is being analyzed by a security researcher. These checks include:

Network traffic is being captured by Wireshark or tcpdump
The malware is being run inside a virtual machine

If any of the checks pass, the malware exits immediately.^[6]

This computer security article is a stub. You can help Wikipedia by expanding it.

^ Lakshmanan, Ravie (Jan 22, 2025). "Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet". thehackernews.com. Retrieved Oct 31, 2025.
^ Dobbins, Roland (Oct 24, 2025). "ASERT Threat Summary: Aisuru and Related TurboMirai Botnet DDoS Attack Mitigation and Suppression—October 2025—v1.0". netscout. Retrieved Oct 31, 2025.
^ "Aisuru Botnet Shifts from DDoS to Residential Proxies – Krebs on Security".
^ Krebs, Brian (May 20, 2025). "KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS". krebsonsecurity. Retrieved Oct 31, 2025.
^ Krebs, Brian (Oct 10, 2025). "DDoS Botnet Aisuru Blankets US ISPs in Record DDoS". krebsonsecurity. Retrieved Oct 31, 2025.
^ ^a ^b Hao, Wang; Turing, Alex; Acey9 (Sep 15, 2025). "The Most Powerful Ever? Inside the 11.5Tbps-Scale Mega Botnet AISURU". Qianxin XLab. Retrieved Oct 31, 2025.{{cite web}}: CS1 maint: numeric names: authors list (link)

[1] Lakshmanan, Ravie (Jan 22, 2025). "Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet". thehackernews.com. Retrieved Oct 31, 2025.

[netscout-2] Dobbins, Roland (Oct 24, 2025). "ASERT Threat Summary: Aisuru and Related TurboMirai Botnet DDoS Attack Mitigation and Suppression—October 2025—v1.0". netscout. Retrieved Oct 31, 2025.

[3] "Aisuru Botnet Shifts from DDoS to Residential Proxies – Krebs on Security".

[4] Krebs, Brian (May 20, 2025). "KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS". krebsonsecurity. Retrieved Oct 31, 2025.

[5] Krebs, Brian (Oct 10, 2025). "DDoS Botnet Aisuru Blankets US ISPs in Record DDoS". krebsonsecurity. Retrieved Oct 31, 2025.

[super-large-6] Hao, Wang; Turing, Alex; Acey9 (Sep 15, 2025). "The Most Powerful Ever? Inside the 11.5Tbps-Scale Mega Botnet AISURU". Qianxin XLab. Retrieved Oct 31, 2025.{{cite web}}: CS1 maint: numeric names: authors list (link)

[1]

[2]

[3]

[4]

[5]

[6]