BotNet List - 2024 2023 2021 2020 2019 2018
DATE | NAME | Info | CATEG. | WEB |
| 10.4.25 | New Mirai botnet behind surge in TVT DVR exploitation | A significant spike in exploitation attempts targeting TVT NVMS9000 DVRs has been detected, peaking on April 3, 2025, with over 2,500 unique IPs scanning for vulnerable devices. | BotNet | |
| 10.4.25 | AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections | Cybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that's used to spam website chats, comment | BotNet | The Hacker News |
|
19.3.25 |
BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse | At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX , | BotNet | The Hacker News |
|
17.3.25 |
Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year | An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at | BotNet | The Hacker News |
| 11.3.25 | Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices | Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. | BotNet | The Hacker News |
| 9.3.25 | Unpatched Edimax IP camera flaw actively exploited in botnet attacks | A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. | BotNet | BleepingComputer |
| 8.3.25 | New Eleven11bot botnet infects 86,000 devices for DDoS attacks | A new botnet malware named 'Eleven11bot' has infected over 86,000 IoT devices, primarily security cameras and network video recorders (NVRs), to conduct DDoS attacks. | BotNet | BleepingComputer |
| 3.3.25 | Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries | Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed | BotNet | The Hacker News |
| 27.2.25 | PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices | A new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at | BotNet | The Hacker News |
|
19.1.25 | MikroTik botnet uses misconfigured SPF DNS records to spread malware | A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in domain name server records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains. | BotNet | BleepingComputer |
|
18.1.25 | Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation | Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. | BotNet | The Hacker News |
|
12.1.25 | New Mirai botnet targets industrial routers with zero-day exploits | A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices. | BotNet | BleepingComputer |
|
10.1.25 | Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks | A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks. | BotNet | The Hacker News |
| 21.12.24 | Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords | Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that | BotNet | |
|
1.11.24 | Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft | Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly | BotNet | |
21.9.24 | Chinese botnet infects 260,000 SOHO routers, IP cameras with malware | The FBI and cybersecurity researchers have disrupted a massive Chinese botnet called "Raptor Train" that infected over 260,000 networking devices to target critical infrastructure in the US and in other countries. | BotNet | |
12.9.24 | Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances | The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN | BotNet | The Hacker News |
10.9.24 | Quad7 botnet targets more SOHO and VPN routers, media servers | The Quad7 botnet is expanding its targeting scope with the addition of new clusters and custom implants that now also target Zyxel VPN appliances and Ruckus wireless routers. | BotNet | |
7.9.24 | GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware | A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver | BotNet | The Hacker News |
29.8.24 | Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks | A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into | BotNet | The Hacker News |
15.8.24 | New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining | Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to | BotNet | The Hacker News |
2.8.24 | Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal | Enterprise Resource Planning (ERP) Software is at the heart of many enterprising supporting human resources, accounting, shipping, and | BotNet | The Hacker News |
5.7.24 | New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks | Cybersecurity researchers have uncovered a new botnet called Zergeca that's capable of conducting distributed denial-of-service | BotNet | The Hacker News |
7.6.24 | Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks | The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting | BotNet | |
1.6.24 | Malware botnet bricked 600,000 routers in mysterious 2023 attack | A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that took 600,000 office/home office (SOHO) internet routers offline, according to a new report by researchers at Lumen's Black Lotus Labs. | BotNet | |
1.6.24 | US dismantles 911 S5 botnet used for cyberattacks, arrests admin | The U.S. Justice Department and international partners dismantled the 911 S5 proxy botnet and arrested 35-year-old Chinese national YunHe Wang, its administrator, in Singapore. | BotNet | |
30.5.24 | U.S. Dismantles World's Largest 911 S5 Botnet, with 19 Million Infected Devices | The U.S. Department of Justice (DoJ) on Wednesday said it dismantled what it described as "likely the world's largest botnet | BotNet | The Hacker News |
28.5.24 | Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique | The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over | BotNet | The Hacker News |
18.5.24 | Ebury botnet malware infected 400,000 Linux servers since 2009 | A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023. | BotNet | |
18.5.24 | Botnet sent millions of emails in LockBit Black ransomware campaign | Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign. | BotNet | |
16.5.24 | Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years | A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 | BotNet | The Hacker News |
| 9.5.24 | Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery | Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai | BotNet | The Hacker News |
| 2.5.24 | New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw | A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical | BotNet | The Hacker News |
| 18.4.24 | Multiple botnets exploiting one-year-old TP-Link flaw to hack routers | At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 (AX1800) routers vulnerable to a command injection security issue reported and addressed last year. | BotNet | |
| 9.4.24 | 10-Year-Old 'RUBYCARP' Romanian Hacker Group Surfaces with Botnet | A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying | BotNet | The Hacker News |
| 30.3.24 | TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy | A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office | BotNet | The Hacker News |
| 27.3.24 | Hackers poison source code from largest Discord bot platform | The Top.gg Discord bot community with over 170,000 members has been impacted by a supply-chain attack aiming to infect developers with malware that steals sensitive information. | BotNet | |
| 18.2.24 | FBI disrupts Russian Moobot botnet infecting Ubiquiti routers | The FBI took down a botnet of small office/home office (SOHO) routers used by Russia's Main Intelligence Directorate of the General Staff (GRU) to proxy malicious traffic and to target the United States and its allies in spearphishing and credential theft attacks. | BotNet | |
| 8.2.24 | After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce Back | The threat actors behind the KV-botnet made "behavioral changes" to the malicious network as U.S. law enforcement began issuing commands to | BotNet | The Hacker News |
| 7.2.24 | Chinese hackers fail to rebuild botnet after FBI takedown | Chinese Volt Typhoon state hackers failed to revive a botnet recently taken down by the FBI, which was previously used in attacks targeting critical infrastructure across the United States. | BotNet | |
3.2.24 | FBI disrupts Chinese botnet by wiping malware from infected routers | The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure. | BotNet | |
2.2.24 | FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network | The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to | BotNet | The Hacker News |
2.2.24 | U.S. Feds Shut Down China-Linked "KV-Botnet" Targeting SOHO Routers | The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) | BotNet | The Hacker News |
11.1.24 | NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining | A new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023. "The capabilities of | BotNet | The Hacker News |