We'd like to really thank the folks over at @greynoise and @censys for providing additional insights and context: https://www.greynoise.io/blog/new-ddos-botnet-discovered
1.3.2025 10:05We'd like to really thank the folks over at @greynoise and @censys for providing additional insights and context:...In scenarios involving maximum bot activation, #Eleven11bot is capable of launching volumetric DDoS attacks exceeding several hundred million packets per second across certain vectors. Most observed attacks, however, involve fewer devices—typically between 3,000 and 5,000 bots—but still represent a substantial threat to network reliability and service continuity.
1.3.2025 09:57In scenarios involving maximum bot activation, #Eleven11bot is capable of launching volumetric DDoS attacks exceeding several hundred...Bots associated with this botnet can typically be recognized by distinctive hexadecimal banners featuring strings such as `head[...]1111` or `head[...]11111111`, predominantly appearing on TCP port 17000.
Since its initial detection, our ERT has closely monitored the activities and growth of #Eleven11bot . Early assessments indicate a large and geographically distributed botnet presence, spanning multiple countries such as the United States, Canada, Israel, Spain, the United Kingdom, Brazil, Taiwan, Romania, and Japan, among others.
1.3.2025 09:56Bots associated with this botnet can typically be recognized by distinctive hexadecimal banners featuring strings such as `head[...]1111` or...On 26 February 2025, the Nokia Deepfield Emergency Response Team (ERT) identified a significant new DDoS botnet, now tracked under #Eleven11bot
Primarily composed of compromised webcams and Network Video Recorders (NVRs), this botnet has rapidly grown to exceed 30,000 devices. Its size is exceptional among non-state actor botnets, making it one of the largest known DDoS botnet campaigns observed since the invasion of Ukraine in February 2022.
Eleven11bot has targeted diverse sectors, including communications service providers and gaming hosting infrastructure, leveraging a variety of attack vectors. Attack intensity has varied widely, ranging from a few hundred thousand to several hundred million packets per second (pps). Public forums report sustained attack campaigns causing service degradation lasting multiple days, some of which remain ongoing.
1.3.2025 09:54On 26 February 2025, the Nokia Deepfield Emergency Response Team (ERT) identified a significant new DDoS botnet, now tracked under...⬆️
⬇️