28/69 Friday, January 16, 2026

Cybersecurity researchers have issued a warning about the rapid spread of a new botnet known as Kimwolf, which has branched off from the Aisuru group. The botnet has already taken control of more than 2 million non-certified Android TV boxes within a short period of time. A notable aspect of the campaign is its use of residential proxy network weaknesses to reach large groups of devices that are typically difficult to access, elevating Kimwolf into a high-severity threat. As a result, Kimwolf quickly rose to the top of Cloudflare’s threat activity rankings in late October 2025.
On the defensive side, Black Lotus Labs at Lumen Technologies, working with multiple partners, has disrupted more than 550 command-and-control (C2) servers associated with both Kimwolf and Aisuru since early October. These takedowns reportedly angered the attackers, who responded by embedding taunting messages within their attack payloads. This behavior strongly suggests that the group is financially motivated rather than state-sponsored. Current attack patterns primarily focus on short-duration but high-intensity DDoS attacks, with Minecraft game servers being the most common targets.
Although Kimwolf has not yet been observed targeting national critical infrastructure, experts warn that a botnet of this scale represents a powerful and dangerous weapon that could be repurposed at any time. If misused, it could cause severe damage, as demonstrated by Aisuru’s previous record-breaking 29.7 terabits-per-second (Tbps) DDoS attack. Consequently, proactive defense measures and visible, continuous disruption efforts are essential to deter the expansion of this rapidly growing cyber threat.
Source: https://cyberscoop.com/kimwolf-aisuru-botnet-lumen-technologies/
