“Eleven11bot” Botnet Compromises 30,000 Webcams in Massive Attack

Cybersecurity experts have uncovered a massive Distributed Denial-of-Service (DDoS) botnet known as “Eleven11bot.”

This new threat, discovered by Nokia’s Deepfield Emergency Response Team (ERT) and shared on LinkedIn, has compromised a staggering 30,000 network devices, predominantly webcams and Network Video Recorders (NVRs).

The botnet has been observed conducting hyper-volumetric DDoS attacks, primarily targeting sectors like communications service providers and gaming hosting infrastructure.

The Emergence of Eleven11bot

Identified on February 26, 2025, Eleven11bot has rapidly escalated to become one of the largest known DDoS botnet campaigns since the invasion of Ukraine in February 2022.

Its growth and size are exceptional among non-state actor botnets, marking it as a significant threat in the cybersecurity landscape.

Eleven11bot’s attack vectors are diverse, employing various methods to overwhelm targeted systems with an onslaught of traffic.

The intensity of these attacks varies, ranging from a few hundred thousand to several hundred million packets per second (pps).

Public forums have reported sustained attacks that have caused service degradation lasting multiple days. In some cases, these attacks remain ongoing, impacting critical infrastructure and disrupting operations.

Protection Measures

Fortunately, customers of Nokia’s Deepfield Defender have been protected against Eleven11bot’s attacks.

This protection is due to the active tracking of these compromised devices and the robust design of the DDoS solution, which effectively mitigates the threat posed by this botnet.

GreyNoise Intelligence has provided valuable insights into the IPs involved, helping to further understand the scope and scale of Eleven11bot’s operations.

As the cybersecurity community continues to monitor and analyze this botnet, it’s critical to address the underlying vulnerabilities that allow such extensive device compromise.

The discovery of Eleven11bot highlights the ongoing challenges in securing IoT devices like webcams and NVRs. As technology advances and more devices become connected, the potential for massive botnets capable of debilitating DDoS attacks increases.

Both consumers and enterprises need to prioritize cybersecurity, ensuring that vulnerable devices are patched and secured to prevent future exploitation by malicious actors.

In the face of these threats, the importance of collaboration between cybersecurity experts and the development of robust security solutions becomes increasingly evident.

By staying vigilant and leveraging advanced technologies, we can work towards mitigating such risks and safeguarding our digital infrastructure against the evolving landscape of cyber threats.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
