Huge Networks, a Brazilian ISP and DDoS‑protection provider founded in Miami in 2014, has been tied to a botnet used in a years‑long campaign of massive DDoS attacks against other Brazilian network operators, KrebsOnSecurity found 1.

Huge Networks’ chief executive told KrebsOnSecurity the activity stemmed from a security breach and said a competitor may have been trying to tarnish the company’s reputation 1. The company does not appear in public abuse complaints and is not linked to any known DDoS‑for‑hire services, the reporting notes 1.

Security researchers have tracked a string of large attacks that originated in Brazil and targeted Brazilian ISPs for several years. The investigation took a step forward when an anonymous source shared an exposed file archive that contained Portuguese‑language malicious Python programs and other artifacts 1.

The archive included the private SSH authentication keys belonging to Huge Networks’ CEO, suggesting a Brazil‑based threat actor had root access to company infrastructure and built a powerful botnet by mass‑scanning the internet for insecure routers and unmanaged DNS servers to recruit into attacks 1.

Krebs’ writeup explains the attackers relied on DNS reflection/amplification: misconfigured DNS resolvers that will answer queries from anywhere can be queried with a spoofed source address (the victim), producing responses many times larger than the requests — sometimes 60‑70x — and multiplying the impact when tens of thousands of devices are used concurrently 1.

The technique depends on common weak points — exposed DNS resolvers and insecure consumer or small‑business routers — vulnerabilities that exist worldwide. Network operators in India should take note and audit for open resolvers, apply vendor firmware updates and tighten access controls to limit IP‑spoofing opportunities, since the same misconfigurations enable this class of attacks 1.

The exposed archive did not list every router model targeted, but KrebsOnSecurity’s reporting referenced TP‑Link’s Archer AX21 as an example of a widely used consumer router in related coverage 1.

How this was made. This article was assembled by Startupniti's editorial AI from the source listed in the right rail. The synthesis ran through our 4-model cascade (Gemini Flash Lite → GPT-4o-mini → DeepSeek → Llama 3.3 70B), logged to ops.llm_calls. Every fact traces to a citation. If a fact looks wrong, write to corrections.