top of page

Hacker Storm: Botnet with more than 50,000 devices and in full expansion activity identified.

Updated: Apr 24

Hacker storm over a city
Hacker Storm

NetSensor has detected a growing digital threat through its Threat Intelligence network, HackNet. The company's Threat Intelligence service identified and mapped a botnet, made up of more than 50,000 addresses, predominantly originating from Small Office/Home Office (SOHO) devices, with a special focus on routers and DVRs (Digital Video Recorder).

This announcement comes almost a year after the discovery, in February 2023, of a previous botnet with more than 40,000 devices, used in distributed denial of service (DDoS) attacks. NetSensor alerted the community about this network, providing mapped IPs, a week before the start of a massive wave of DDoS attacks against Brazil, mainly affecting internet providers in Rio de Janeiro.

This time, the new botnet is even bigger and is currently operating with a clear purpose: to recruit new devices to expand its scope and make it even more powerful and threatening.

NetSensor has observed an approximate average increase of more than 1,000 addresses being incorporated into the botnet each day, indicating elevated proliferation activity.

Top 20 countries by infected IPs

The identified addresses are distributed across 161 countries, with a greater concentration in China, Russia and South Korea. They belong to at least 2,500 different providers and companies.

This global spread suggests a comprehensive botnet strategy, aiming to create a heterogeneous and difficult to combat network.

World countries by infected IPs

NetSensor is intensifying its HackNet monitoring and analysis efforts to provide increasingly effective means of neutralizing these continually evolving threats, while sharing important information with the community.

The company reinforces the importance of constant vigilance and proactive measures to strengthen digital security at a global level in the face of this and other constantly changing threats.

How was the detection made?

The detection occurred on NetSensor's Threat Intelligence network, HackNet, which is an artificial neural network focused on cybersecurity spread in more than 20 countries. It collects, analyzes and catalogs information about hacker activities recently detected in different parts of the planet.

From this, security analysts can make adjustments and take greater care with new targets that are being searched for on the internet.

Additionally, a summary of hacking activities is made available daily on the website, including the services most sought after by hackers, the countries that generated the most hacking activity, the points where these activities were detected and the organizations with which these malicious sources are linked.

In corporate client networks, detection was carried out using NetSensor Magic, a technology that uses machine learning to detect and neutralize hacker activity against a corporate network.

What were the IPs detected? Will the list be made available for consultation?

We believe that the IPs that make up the list correspond, almost in their entirety, to addresses belonging to domestic users and legitimate companies, whose equipment is being exploited by criminals to spread malware and generate DDoS attacks against other victims. For this reason, we will make the complete list of IPs available for download, however, for ethical reasons, we will not make the list of companies to which the structures are linked available.

If any address in your structure is on this list, seek specialized cybersecurity consultancy as soon as possible. If you want to know more or need help, please contact us via

See the list of exploited IPs at:

Or download the full list:

Download TXT • 715KB

Do you want to increase the security of your structure and stay updated on hacker activities? Then get to know HackNet.

Read too:


Post: Blog2_Post
bottom of page