Mirai Botnets Surge as Major DDoS and Proxy Abuse Threats

Severity: High (Score: 60.9)

Sources: Cybersecuritynews, Gbhackers

Summary

Mirai-based botnets have significantly evolved, transitioning from basic IoT malware to sophisticated platforms for large-scale DDoS attacks and proxy abuse. Over 21,000 command-and-control (C2) servers were identified between July and December 2025, indicating a substantial increase in their operational capacity. The botnets are now being utilized not only for traditional DDoS attacks but also as residential proxies, enhancing their stealth and effectiveness in cybercrime. This evolution poses a serious threat to various sectors, particularly those relying on IoT devices. The rise in activity has been linked to a broader trend of botnet-driven threats that have surged over the past year. As of now, the situation remains critical, with ongoing monitoring of Mirai's developments necessary for effective defense strategies. Key Points: • Mirai botnets have evolved into platforms for large-scale DDoS and proxy abuse. • Over 21,000 C2 servers were detected from July to December 2025. • The use of Mirai bots as residential proxies enhances their stealth in cyber operations.

Key Entities

• Botnet (attack_type)
• DDoS (attack_type)
• Mirai (malware)
• T1071 - Application Layer Protocol (mitre_attack)
• ARC Processors (platform)