KrebsOnSecurity Hit with 6.3 Tbps DDoS Attack via Aisuru Botnet
KrebsOnSecurity was hit by, and survived, a record-breaking 6.3 Tbps DDoS attack linked to the Aisuru IoT botnet, an incident that shows the vulnerable state of IoT devices.
KrebsOnSecurity, the well-known cybersecurity blog run by investigative journalist Brian Krebs, was recently hit by a massive distributed denial-of-service (DDoS) attack that peaked at 6.3 terabits per second (Tbps). The attack, one of the largest recorded to date, is believed to have originated from a new Internet of Things (IoT) botnet named “Aisuru.”
The attack, which lasted around 45 seconds, was short but powerful. Despite the volume of traffic directed at the site, KrebsOnSecurity remained online, protected by Google’s Project Shield, a free service designed to defend news and journalism platforms from cyberattacks.
**Aisuru Botnet Behind the Attack**
According to Krebs, the source of the attack was the Aisuru botnet. Cybersecurity analysts at QiAnXin XLab originally identified the botnet in August 2024. It is composed primarily of compromised IoT devices such as routers, IP cameras, and digital video recorders. These devices were hijacked and turned into zombie devices, directing massive amounts of traffic at Krebs’ site in a coordinated attack.
The name “Aisuru” began appearing in underground forums earlier this year, associated with DDoS-for-hire services. While it’s still under investigation, early indicators suggest the botnet was stress-testing its capabilities, using KrebsOnSecurity as a high-profile target to showcase its power or send a message.
**A Familiar Tactic, But a New Scale**
Brian Krebs is no stranger to DDoS attacks. His blog, known for deep reporting on cybercrime groups and internet abuse, has been a repeated target over the years. As Hackread.com reported in 2016, his site was taken offline by a 620 Gbps attack powered by the Mirai botnet.
The 2025 incident shows just how much the threat has grown. At 6.3 Tbps, the Aisuru-powered DDoS attack was ten times the size of the 2016 attack, showing both the scale of modern botnets and the ongoing security vulnerabilities in consumer-grade IoT devices.
**Who’s Behind It?**
While attribution is always difficult in these cases, Krebs’ blog post detailing the attack points to an individual known online as “Forky.” The alias has been connected to forum posts offering DDoS services and botnet rentals, and security researchers have linked Forky to chatter around Aisuru.
In a Telegram conversation with Krebs, Forky denied orchestrating the attack on Krebs, claiming instead that someone else may have used the botnet without their direct involvement.
“Forky denied being involved in the attack but acknowledged that he helped to develop and market the Aisuru botnet. Forky claims he is now merely a staff member for the Aisuru botnet team, and that he stopped running the botnet roughly two months ago after starting a family.”
Brian Krebs
**What Now?**
Attacks of this scale are a massive threat to the future of online infrastructure. A 6.3 Tbps attack isn’t just a threat to blogs or small sites; it’s enough to knock entire hosting providers or data centers offline if left unmitigated. Remember, the Mirai botnet-powered DDoS attack on DYN DNS in October 2016 had a massive impact on the internet.
It also renews attention to the need for better security in internet-connected devices. Unlike its Airashi variant, most of the hardware used in Aisuru’s botnet is cheap, outdated, and often shipped with weak or default credentials. Until manufacturers take real steps to secure these devices, botnets will continue to grow, and attacks like this one will become more common.
HackRead will continue tracking developments around the Aisuru botnet and similar threats as more information becomes available.