Categories: DDOS

New Mēris Botnet Hits Yandex Search Engine With 21.8 Million RPS – Biggest DDoS Attack on Yandex History

Recently, it has been reported that Yandex was experiencing a massive DDoS attack from the Mēris botnet. this attack was denominated as the most comprehensive in the history of a DDoS attack, however, the key details are not yet cleared.

However, Yandex and Qrator Labs issued a large provision on Habré, on which they have yielded the details of what exactly happened, as per the study this DDoS attack power was more than 20 million requests per second, and the Mēris botnet was behind this attack.

Features of Mēris botnet

There are some special features that have been published by Yandex and Qrator regarding this DDoS attack, and here we have mentioned them below:-

  • Socks4 proxy at the affected device (unconfirmed, although Mikrotik devices use socks4)
  • Use of HTTP pipelining (http/1.1) method for DDoS attacks (confirmed)
  • Making the DDoS attacks themselves RPS-based (confirmed)
  • Open port 5678 (confirmed)

Comprehensive and robust botnet

Russian media broke when news about a huge DDoS attack hitting Yandex appeared. It is been described as the largest attack in the history of the Russian internet, therefore it was given the name of “RuNet.”

According to the recent details, which emerged in joint research from Yandex it has been pronounced that they are providing DDoS protection services. There were several attacks, out of which information was collected by the new Meris botnet and it showed a force of more than 30,000 devices.

The data that has been collected by Yandex, observed that the assaults on its servers relied on 56,000 attacking hosts. However, 2,50,000 compromised devices may have been seen during the indication by the security experts.

Countries with active hosts

CountryHosts% of global
United States of America13993042.6%
China6199418.9%
Brazil92442.8%
Indonesia73592.2%
India67672.1%
Hong Kong52251.6%
Japan 49281.5%
Sweden47501.4%
South Africa47291.4%

Botnet’s history of attacks on Yandex

Here’s the history of attacks on Yandex:-

  • 2021-08-07 – 5.2 million RPS
  • 2021-08-09 – 6.5 million RPS
  • 2021-08-29 – 9.6 million RPS
  • 2021-08-31 – 10.9 million RPS
  • 2021-09-05 – 21.8 million RPS

What to do in such a situation?

Blacklist still exists, therefore those attacks are not spoofed, hence, the victim sees the attack origin just the way it is. To not disturb the possible end-user and thwart the attack, blocking would be sufficient.

Nobody knows how the owners of the Meris botnet would act in the future. But, there is a fair probability that they could be taking advantage of the compromise devices by making the hundred percent of their capacity.

In such cases, the only way other than blocking every request is to prevent the answering of the pipelined requests. Although, pipelining could be turned into a disaster if there is no DDoS attack mitigation at the targeted server.

The threat actors need less workforce to fill the RPS threshold for the victim and it turns out that many were not ready for such a situation.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…

2 days ago

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code execution…

2 days ago

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…

2 days ago

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…

2 days ago

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…

3 days ago

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…

3 days ago