Aisuru Botnet Shifts from DDoS to Residential Proxies
Category:Threat / Botnet
Following its record-breaking DDoS campaigns, the Aisuru botnet has begun monetizing compromised IoT devices as residential proxies for cybercriminal services. The shift enables attackers to evade IP reputation systems and expand into credential-stuffing and phishing operations.
CORTEX Protocol Intelligence Assessment
Business Impact: Indicates monetization evolution of Mirai variants toward persistent proxy infrastructure. Technical Context: Aisuru operators are reusing DDoS botnet nodes as proxy endpoints for fraud and anonymity.
Strategic Intelligence Guidance
- Identify unusual outbound proxy traffic from IoT subnets.
- Harden router and DVR firmware via vendor updates.
- Monitor for proxy API calls and tunneling behavior.
- Coordinate with ISPs to neutralize residential proxy abuse.
Threats
Targets
Intelligence Source: Aisuru Botnet Shifts from DDoS to Residential Proxies | Oct 29, 2025