KrebsOnSecurity website gets attacked by the Meris botnet


KrebsOnSecurity, a website authored by Brian Krebs covering computer security and cybercrime, has always been a target of cybercriminals. However, this time, the website is also targeted by a powerful and massive botnet. On Thursday evening, the website was assaulted by a botnet called Meris. 

The Meris botnet is relatively new on the attack scene and is powered by Internet of Things (IoT) devices. Hijacked products such as computers, routers, TVs, and more become slave nodes inside a botnet network that can be exploited to execute distributed denial-of-service (DDoS) attacks.

As reported by researchers, Meris’ first appearance was in late June this year, and it is still growing. This botnet is composed of many MikroTik routers. The Meris botnet may even be compared to Mirai, a botnet known for shutting down swathes of the internet back in 2016. However, researchers say that these two botnets are not precisely comparable. They noted that Mirai is composed of a much higher number of intruded devices for C2C and its attacks focus mainly on volumetric traffic.

The Mirai botnet’s source code was leaked, which has led to many variants that continue to operate.

 

According to Krebs, the DDoS attack from the Meris botnet was more significant than the one previously launched in 2016 by Mirai operators against the KrebsOnSecurity website.

 

The attack was so massive that Akamai, a cloud service company delivering internet security services, had to unmoor the domain so it could stop any possible complications for other consumers. The capacity of the junk traffic initiated by the Meris botnet was reported to be four times more than that of Mirai and has reached more than two million requests per second. 

As of now, the domain of KrebsOnSecurity is under the protection of Google’s Project Shield.  

In addition, there is speculation that the Meris botnet is also behind two more major attacks this year, against Yandex, a search engine company, and Cloudflare, a website security company.

A statement made by MikroTik, a network equipment manufacturer, noted that its devices were compromised through a RouterOS vulnerability that was patched in 2018, not through a zero-day vulnerability.

About the author

iZOOlogic
