Oleg Nefyodov, the leader of the cybercrime group Black Basta, detained in Armenia, took advantage of the court delay and fled, causing international outcry.
61 
More than 30,000 compromised surveillance cameras and DVRs are part of a powerful botnet called Eleven11bot, which is used to launch DDoS attacks on telecommunications companies and gaming platforms. Researchers from Nokia Deepfield and GreyNoise noted that the attackers are using weak passwords and brute-force attacks to access Internet of Things (IoT) devices.
Experts report that about 60% of the 1,042 IP addresses recorded as being associated with the botnet are located in Iran. GreyNoise emphasizes that it does not officially identify the perpetrators, but notes that the attacks began after the Trump administration imposed new sanctions on Iran. Jerome Meyer of Nokia Deepfield noted that the scale of Eleven11bot makes it one of the largest DDoS botnets among non-state actors since Russia’s invasion of Ukraine in 2022. The intensity of the attacks ranges from hundreds of thousands to hundreds of millions of packets per second. Censys researchers have identified 1,400 IP addresses potentially linked to the botnet, while GreyNoise has recorded 1,042 of them in the past month alone. What is striking is that 96% of the devices are not using spoofed IP addresses, but are real surveillance cameras.
GreyNoise draws attention to the fact that the botnet actively uses certain brands of cameras, in particular VStarcam, which have built-in credentials, which makes them easier to hack.
Experts recommend taking measures to protect IoT devices:
Experts warn that large-scale DDoS attacks can continue as long as vulnerable IoT devices remain unprotected. The security of smart devices should be a priority for both businesses and the general public to avoid falling victim to botnets.
61 
62 
82