Ransomware, Malware, Network Security, Firewalls, Routers, IoT

Mirai-based botnet evolution fuels escalating botnet activity

botnet virus at a computer screen skull

Activity of botnets has increased by 26% and 24% during the first and second half of 2025, respectively, with the escalation primarily driven by U.S.-based bots and nodes, as well as the ongoing evolution of the Mirai malware, according to HackRead.

Mirai already has 116 distinct branches from more than 21,000 samples, including Satori, which has leveraged a D-Link vulnerability to compromise more than 260,000 routers, and KimWolf, which aimed to breach Android devices, a report from Pulsedive Threat Research revealed.

Also using Mirai were the Aisuru, Murdoc_Botnet, Resgod, Tiny Mantis, and Lzrd botnets. Aisuru-Kimwolf was observed to have enabled an unprecedented attack that reached 31.4 terabits per second and achieved a flood of 14.1 billion packets per second.

While such intrusions have become challenging to avert due to randomized packet characteristics, intensified law enforcement crackdown efforts have led to the recent disruption of the Aisuru, KimWolf, Mossad, and JackSkid botnets.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds