Hundreds of Mirai Variants Drive 24% Surge in Botnet Activity, Expanding IoT Attack Risks Globally

175/69 Friday, March 27, 2026

A recent report from Pulsedive and Spamhaus highlights alarming trends in the second half of 2025, revealing a 24% increase in command-and-control (C&C) servers worldwide. These servers are increasingly leveraging everyday IoT devices from homes and offices as part of cyberattack infrastructure. Notably, the United States has surpassed China as the primary hub for botnet control, with more than 21,000 active servers globally, underscoring the rapid expansion of this threat beyond regional boundaries into global infrastructure.

At the core of this surge is the continued evolution of the Mirai malware family, whose source code has been widely modified into more than 116 variants, with over 21,000 malware samples identified. Prominent strains such as Aisuru and KimWolf have expanded their targeting from traditional routers to include Android devices and smart TVs. These botnets are also being commercialized through rental-based models, easily accessible via platforms like Telegram and Discord. This allows even low-skilled actors to launch massive DDoS attacks, some reaching peaks of 31.4 terabits per second, simply by paying for access.

Although law enforcement agencies such as the United States Department of Justice have successfully disrupted major botnet operations like JackSkid and Mossad, cybercriminal groups are adapting by shifting to anonymized networks such as I2P and using residential proxy services to evade detection. For general users, the most effective defense remains basic cybersecurity hygiene: changing default passwords on IoT devices immediately after installation and regularly updating firmware to the latest version, to prevent devices from being recruited into these large-scale botnet networks.

Source https://hackread.com/mirai-malware-variants-botnet-growth/