Another huge new botnet is infecting thousands of webcams and video recorders for DDoS attacks

News
By published

Researchers are calling Eleven11bot one of the biggest non-government botnets in recent years

Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
(Image credit: Shutterstock)
  • A new botnet called Eleven11bot was spotted in the wild
  • It leverages weak and default credentials to compromise IoT devices
  • The botnet is operated by Iranian threat actors

Cybersecurity researchers say they have uncovered the “biggest non-government botnet” in recent years.

It is called Eleven11bot, and its malware was found on more than 86,000 Internet of Things (IoT) devices, according to multiple research teams, including Nokia, GreyNoise, and The Shadowserver Foundation.

The botnet is most likely operated by an Iranian threat actor, GreyNoise reported. It found some 1,400 IPs operating the botnet, the majority of which are based in the Middle Eastern country. The threat actors seem to be hunting for IoT devices with factory or weak credentials, and actively scanning for exposed Telnet and SSH ports, with compromised devices including webcams, Network Video Recorders (NVR), and similar.

Exceptional size

At the same time, The Shadowserver Foundation analyzed the spread of the malware, and found that the majority of compromised endpoints are located in the United States, United Kingdom, Mexico, Canada, and Australia.

Botnets are most commonly used for Distributed Denial-of-Service (DDoS) attacks, where infected devices overwhelm a target server, causing disruptions.

They are also used for sending massive spam campaigns, distributing phishing emails or malware while avoiding detection. Cybercriminals leverage botnets for credential stuffing and brute-force attacks, trying to break into accounts using stolen credentials.

Another frequent use is click fraud, where infected machines generate fake ad clicks to inflate revenue. Botnets also enable cryptojacking, secretly mining cryptocurrency on victims’ devices, slowing them down and increasing electricity costs. Additionally, they are used for data theft and espionage, stealing login credentials, financial data, or trade secrets.

Via BleepingComputer

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Industrial routers are being hit by zero-days from new Mirai botnets
A display showing off the Google TV homepage, with icons for 1917, Scoob!, YouTube and Twitch (among others)
This dangerous malware botnet now covers 1.6 million Android TVs - find out if you're at risk
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Dangerous new botnet targets webcams, routers across the world
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
IoT’s botnet problem is up 500% – three things admins must do now
botnet
Another top security camera maker is seeing devices hijacked into botnet
Latest in Security
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedlyleft users exposed for months
DeepSeek
Fake DeepSeek installers are infecting your device with dangerous malware
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Data leak
Top California sperm bank suffers embarrassing leak
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
ransomware avast
Billions of credentials were stolen from businesses around the world in 2024
Latest in News
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedlyleft users exposed for months
Google Pixel 9a
Google is delaying the Pixel 9a to fix a mystery “component quality issue”
The bottom left corner of an Android phone, showing the Phone, Messages, Google icons and Google Search bar
Google Messages remote delete will soon save you from texting embarrassment – and here's how it works
ExpressVPN mobile app and Aircove
ExpressVPN ‘reduces workforce’ for the second time in two years
The Nanoleaf PC Screen Mirror Lightstrip being used on a desktop computer.
Mac gaming could get an intriguing boost – but not in the way you'd expect
Snapdragon G Series
Qualcomm poised to muscle in on AMD's territory with powerful gaming handheld processors
More about security
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X

A worrying Apple Password App vulnerability reportedlyleft users exposed for months
DeepSeek

Fake DeepSeek installers are infecting your device with dangerous malware
Belkin BoostCharge 3-Port USB-C Wall Charger with PPS 67W on block against pink background

I tested this cheap triple-port charger from Belkin and it’s perfectly sized for any nook and cranny
See more latest
Most Popular
The bottom left corner of an Android phone, showing the Phone, Messages, Google icons and Google Search bar
Google Messages remote delete will soon save you from texting embarrassment – and here's how it works
Data center server room lit with green lights
Microsoft is MIA as Amazon, Meta, Google and others join consortium to triple nuclear energy output by 2050
Thrustmaster Sol-R flight stick
Thrustmaster announces the Sol-R 1 and Sol-R 2 HOSAS flight sticks designed for space sims like Elite Dangerous
Image of AC Shadows cover art & Steam Deck
It's not perfect, but Assassin's Creed Shadows' performance is impressive - it runs smoothly on the Steam Deck and Asus ROG Ally
Google Pixel 9a
Google is delaying the Pixel 9a to fix a mystery “component quality issue”
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedlyleft users exposed for months
DeepSeek
Fake DeepSeek installers are infecting your device with dangerous malware
The new KontrolFreek Call of Duty Performance Thumbsticks on a purple background.
Exclusive: the new KontrolFreek Call of Duty Performance Thumbsticks Speed Cola Edition might be the coolest looking yet and come with a limited in-game item
David running in the desert in House of David.
Prime Video’s hit new historical drama will continue its reign for another season as House of David gets renewed
ExpressVPN mobile app and Aircove
ExpressVPN ‘reduces workforce’ for the second time in two years