InfoSecBulletin Cybersecurity for mankind
A distributed denial-of-service attack hit a big user-content platform, sending an amazing 2.45 billion malicious requests in only 5 hours. Security company DataDome stopped the attack right away, so real users face no disruption. Experts looking into the event found that the attack used 1.2 million different IP addresses.
OpenAI unveils its first custom chip, Named Jalapeño
Bajaj Auto System Hit by a Ransomware Attack
Cisco Unified CM flaw CVE-2026-20230 exploited in attacks
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
The attackers used a large network instead of just strong force methods. This move showed key weaknesses in regular security systems that mainly depend on fixed limits to find bad actions.
Massive DDoS Attack Generates 2.45 Billion Requests
The operation reached a peak of over two hundred thousand requests every second and had an average of about one hundred thirty-six thousand requests per second.
The attackers did not just attack all the time. Instead, they used a wave pattern with changing strength to avoid being caught. Each hacked device made about one request every nine seconds.
This careful timing meant no single source hit the usual rate limits, helping the overall operation stay under normal detection levels. The planned breaks between attacks allowed security measures to reset. During these breaks, the attackers changed addresses, switched user agents, and sent their payloads again. This smart timing shows a controlled operation where a person watched for detection signals and changed plans as needed.
To carry out an attack this bigger, the threat actors used a very broken network with over sixteen thousand independent systems. Getting to this level of spread needs great planning and special resources.
The traffic was very even, with the biggest network only making up 3% of the total. The attackers mixed their traffic by using popular cloud services like Cloudflare, Amazon, and Google, along with lesser-known networks that offer anonymity.
Providers such as 1337 Services GmbH and Church of Cyberology were utilized to minimize a traceable footprint.
By mixing traffic from standard hosting environments with privacy-oriented networks, the malicious operators created a complex web that made standard blocking completely ineffective, as reported by DataDome.
The adversary profile indicates a highly distributed but moderately sophisticated attacker who prioritized raw throughput over individual node stealth. Catching an operation of this complexity requires analyzing behavioral baselines rather than just aggregate traffic spikes.
Defenders found the attack by using server fingerprinting, threat data, and behavior analysis. They saw differences between the claimed browser setups and the real network features.
The automated tools used in the attack showed changing signals in each session, which is a clear sign of fake traffic. By looking at unusual session patterns and checking the mistakes within the fake environments, security systems reduced the threat for all users without affecting real ones.
