Critical Infrastructure Caught in a Botnet
ID: 6a964a1d-1727-5718-9c97-59092730ff94
STIX ID: report--6a964a1d-1727-5718-9c97-59092730ff94
Feed Name: CISecurity.org Insights Blog
CIS analyzes persistent botnet threats to critical infrastructure through 2025, highlighting how compromised IoT/OT devices and legacy SOHO routers enable large-scale DDoS, espionage, and pre-positioning by both criminal actors and APTs (notably Volt Typhoon), with examples including near-record 6.3 Tbps and prior 5.6 Tbps DDoS attacks and exploitation of unpatched/End-of-Life devices. The report provides actionable IoCs (IPs, domains, hashes) for Aisuru, Mirai, and Volt Typhoon activity, lists associated exploited CVEs, and offers mitigation guidance such as CIS Benchmarks, network segmentation, replacing vulnerable routers, maintaining IoT updates, and eliminating default credentials.
