13.5M-Device Botnet Launches 2 Tbps DDoS Attacks Targeting FinTech, Reveals Qrator

A recent report from Qrator Labs discloses a staggering growth in the largest DDoS botnet, which has expanded to encompass 13.5 million devices, empowering hackers to execute attacks with peak capacities of 2 Tbps. The FinTech and betting sectors have emerged as the primary targets during the first quarter of 2026.

The findings, shared exclusively with Hackread.com, underscore a disturbing trend towards larger and more intricate DDoS attacks. The report reveals that, as of Q1 2026, the largest botnet under observation has experienced a tenfold increase, skyrocketing from roughly 1.33 million devices when it was first identified on March 26, 2025, to its current size. The geographical distribution of these compromised devices predominantly includes the United States (16.0%), Brazil (13.6%), and India (6.5%), complicating efforts for companies to mitigate risks based solely on location.

Cyberattackers’ Evolving Tactics

Noteworthy in the report is the increasing prominence of a new botnet loader known as Aeternum C2, which leverages the Polygon blockchain for command execution among infected machines. This method poses a significant challenge to conventional DDoS defenses, as it operates without a central command point, rendering traditional takedown efforts ineffective. The decentralized nature of blockchain technology effectively diminishes the operational costs for perpetrators.

Additionally, multi-vector DDoS attacks have surged, rising from 8.0% to 10.7% of all incidents during this quarter. Specifically, the combination of network (L3-L4) and application layer (L7) assault techniques has seen an increase from 3.6% to 6.2%, marking a shift in attack strategies that further complicates mitigation efforts.

A striking instance of this escalation was a DDoS attack against a betting company in mid-March 2026, which registered a peak capacity of 2.065 Tbps and transmitted nearly 1 billion packets per second. While most attacks of this magnitude are brief, this incident maintained its intensity for an astonishing 40 minutes, during which attackers altered their tactics 11 times to sustain pressure.

Identifying the Targets

Qrator Labs’ latest data indicates that financial enterprises are at the forefront of these attacks, with the FinTech sector suffering the most, accounting for 44.2% of all incidents. Banks (22.8%) and payment systems (15.9%) are highlighted as the main targets within this category. Information technology companies (19.3%) and betting establishments (10.0%) are also frequent victims; together with FinTech, these sectors represent three-quarters of all documented attacks.

Furthermore, researchers observed a significant increase in automated malicious activity, referred to as “bad bots.” In Q1 2026 alone, approximately 2.5 billion bad bot requests were blocked monthly, reflecting a 12% rise compared to the previous year. A particularly notable incident involved a shopping website that faced over 178 million malicious requests over a two-week period.

The report concludes that traditional defense mechanisms are less effective in an era where attackers can deploy IP addresses from virtually any nation. The findings illustrate that the complexity of attacks, now often employing simultaneous methods such as UDP floods and HTTP hits, presents a formidable challenge for organizations striving to maintain cybersecurity.
