The internet connects our homes and offices, but researchers at Pulsedive and Spamhaus have found that this connectivity is increasingly being turned against us. Recent data reveals a worrying trend: the number of servers used to control botnets (large networks of infected devices) jumped by 24% in the last half of 2025.

A botnet is a network of malware-infected computers (bots) controlled by hackers and used to carry out DDoS attacks that take websites down or to steal private data. According to Pulsedive’s research, the United States has recently overtaken China as the primary hub for these control centres, with over 21,000 servers active by the end of 2025.

“Botnet activity has surged over the last year, with Spamhaus noting 26% and 24% increases in the two six-month periods Jan – Jun 2025 and Jul – Dec 2025, respectively. This increase is associated with bots and nodes appearing in the United States,” Pulsedive’s blog post reads.

Mirai Malware Evolves into Hundreds of Variants Driving Botnet Growth
Top locations for botnet C2s. (Source: Spamhaus)

The Evolution of Mirai

Much of this surge comes from the infamous Mirai malware, which was first identified in 2016. It scans for IoT devices like home routers and cameras running on ARC processors, a common component in these devices that often lacks proper security. Because the code for Mirai was leaked years ago, many different versions have appeared, and there are now “116 different branches from over 21,000 samples” of this software, the report reveals.

One notorious version, Satori, infected over 260,000 routers by exploiting a flaw in D-Link DSL-2750B devices. Another variant, KimWolf, targets Android systems, including mobile phones and Smart TVs. These botnets are now a business; the people running them sell access to infected devices on apps like Discord or Telegram.

Other botnets known to be using Mirai malware include Aisuru, Tiny Mantis, Murdoc_Botnet, Lzrd, and Resgod. These “for-hire” services allow almost anyone to launch an attack if they are willing to pay.

The many variants of Mirai (Source: Pulsedive)

Record-Breaking Attacks Reported

The power of these networks is truly mind-blowing. A group known as Aisuru-Kimwolf was recently linked to the largest digital attacks ever seen, including a “31.4 Terabit-per-second attack” and a flood of 14.1 billion packets per second.

These attacks are particularly difficult to stop because they “randomize packet characteristics” to hide from security tools, the Pulsedive Threat Research report reveals. Criminals often use residential proxies like IPIDEA to mask their activity behind the internet addresses of regular homeowners.

When authorities try to shut them down, the criminals adapt. After Google and others took down some of their infrastructure, KimWolf reportedly moved to The Invisible Project (I2P), a hidden network designed to evade detection.

However, authorities are fighting back. Just last week, the US Department of Justice announced it had disrupted several botnets, including Aisuru, KimWolf, JackSkid, and Mossad. The threat remains for devices using default credentials, so changing factory passwords immediately and keeping all your tech updated is essential to staying safe.

Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage.