Summary of the KrebsOnSecurity Article: DDoS Botnets, Proxies, and Key Players
This article details the investigation into the massive DDoS attacks carried out by the Aisuru/Kimwolf botnet, and the individuals and companies connected to its operation and support. Here’s a breakdown of the key findings:
1. The Proxy Connection & ISP Changes:
* Shox & Linus: For nearly two years, thes individuals sold “ISP proxies” by routing internet traffic through blocks owned by major US ISPs.
* AT&T Policy Change: AT&T announced a policy change in February 2025, refusing to originate routes for network blocks they don’t own. Other ISPs followed suit. This directly impacted Shox and Linus’s proxy business, forcing them to discontinue static ISP proxies.
2. Key Individuals & the Aisuru/Kimwolf Botnet:
* Dort: The apparent leader of the resi[.]to Discord server (and perhaps a key figure in