Skip to main content

Russian Internet giant Yandex says it was hit by largest cyberattack in history

Source: Habr

The Russian Internet giant Yandex says it repelled the largest DDoS (denial-of-service) attack in history. The cyberattack included more than 20 million requests per second (RPS), according to the company’s blog on the website Habr. 

The source of the attack was a new botnet, which Yandex named “Meris.”

Yandex observed signs of the appearance of the new botnet back in late June. The company estimates that “Meris” consists of between at least 56,000 infected devices, but says the actual number could be much higher — perhaps more than 200,000. 

“The full force of the botnet isn’t visible due to the rotation of devices and the attackers’ lack of desire to show all available capacity. Moreover, the devices on the botnet are high-performance devices, not the typical devices of the ‘Internet of things,’ connected to a Wi-Fi network. In all likelihood, the botnet consists of devices connected via an Ethernet connection — mainly, network devices.”

Earlier, the Russian newspaper Vedomosti reported that on September 4–5, Yandex was subjected to the largest cyberattack in the history of the RuNet. Experts speculated that a vulnerability in the network equipment of the Latvian company MikroTik was used to organize the new botnet.

According to the cybersecurity company Qrator Labs, the new botnet carried out DDoS attacks not only in Russia, but also in Europe, the United States, India, the Middle East, and Latin America.