According to KrebsOnSecurity, a Brazilian anti-DDoS firm was reportedly activating a botnet responsible for a massive DDoS attack campaign against other network operators in Brazil. The firm's CEO maintains that this malicious activity is the result of a security breach, possibly by a competitor.
Historically, security experts have documented massive DDoS attacks originating in Brazil and targeting only Brazilian ISPs. However, the situation changed with the exposure of a file containing Python malware and the private SSH keys of Huge Networks, a key ISP in the region.
Huge Networks, founded in 2014 and operating in Brazil, provides DDoS mitigation services. Although the company does not appear in public complaints and is not associated with DDoS rental services, the exposed material reveals a greater concern.
The evidence shows that a threat actor based in Brazil maintained root access to Huge Networks' infrastructure. This actor built a powerful botnet through the massive scanning of insecure internet routers and unmanaged DNS servers.
These attacks rely on techniques such as DNS reflection, which abuses misconfigured DNS servers. The attacker sends queries carrying a spoofed source address, so the servers direct their replies at the spoofed address, exposing the targeted infrastructure to massive DDoS assaults.