May 21, 2025
Curator announced the identification and neutralization of the largest DDOS campaign in history. The attack took place on May 16 and targeted an organization classified as a “state resource” in the subcategory of “Public Organizations.”
Curator reported that during the defense against the attack, 4.6 million unique IP addresses were blocked. To put this into perspective, the largest botnet in 2023 consisted of 136 thousand devices, and in 2024, that number increased to 227 thousand.
The attack unfolded in three stages. Initially, the attackers utilized approximately 2 million devices. This number then rose to 3.5 million in the second stage. Finally, all available equipment was harnessed, resulting in a botnet power of 4.6 million devices.
The majority of IP addresses involved in the attack were traced back to countries in South and North America. Brazil accounted for 1.37 million IP addresses (30% of the total network), followed by 555 thousand from the United States, 362 thousand from Vietnam, 135 thousand from India, and 127 thousand from Argentina.
Dmitry Tkachev, the Director General of Curator, mentioned that the company had previously encountered this botnet in 2025 with 1.33 million IP addresses. This time, the number had tripled, indicating significant growth in the Botnet infrastructure. Tkachev warned that a botnet of this magnitude could generate tens of millions of requests per second, potentially rendering target servers inaccessible. He also expressed concerns about the ability of DDOS protection service providers to handle such a load, posing a risk to all their customers under protection.