In June 2022, DDoS mitigation firm Cloudflare announced it has mitigated the largest HTTPS DDoS attack that was launched by a botnet they have called Mantis.
The Mantis botnet generated 26 million request per second using approximately 5000 hijacked virtual machines and powerful servers.
“The Mantis botnet was able to generate the 26M HTTPS requests per second attack using only 5,000 bots. I’ll repeat that: 26 million HTTPS requests per second using only 5,000 bots. That’s an average of 5,200 HTTPS rps per bot. Generating 26M HTTP requests is hard enough to do without the extra overhead of establishing a secure connection, but Mantis did it over HTTPS.” reads a report published by Cloudflare.
Experts consider Mantis as the evolution of the Meris botnet, which is composed of MikroTik devices, but Mantis includes a variety of VM platforms and supports running various HTTP proxies to perform the attacks.
Cloudflare reported that the Mantis was involved in attacks against one thousand of its customers. Over the past month, Mantis was used to launch over 3,000 HTTP DDoS attacks against Cloudflare customers.
Most of the Mantis attacks targeted organizations in the Internet & Telecommunications industry (36%), followed by News, Media & Publishing industry (15%), Gaming (12%), and Finance (10%).
Most of the targeted organizations are located in the US (20%), followed by Russia-based companies (15%), while less than five percent included Turkey, France, Poland, Ukraine, and more.
Mantis is considered by the experts the most powerful botnet to date, for this reason, it will be likely convolved in many other attacks in the next months.
(SecurityAffairs – hacking, Mantis)