Brazilian Anti-DDoS Firm Hacked, Used as Botnet Base for Attacks on ISPs

<h2>Breaking News: Anti-DDoS Firm Turned Attack Platform</h2><p>A Brazilian tech company that markets DDoS protection services has been exposed as the command center for a years-long botnet campaign targeting Brazilian ISPs. The CEO admits a security breach, but experts say the scale suggests a deliberate operation.</p><figure style="margin:20px 0"><img src="https://krebsonsecurity.com/wp-content/uploads/2021/03/kos-27-03-2021.jpg" alt="Brazilian Anti-DDoS Firm Hacked, Used as Botnet Base for Attacks on ISPs" style="width:100%;height:auto;border-radius:8px" loading="lazy"><figcaption style="font-size:12px;color:#666;margin-top:5px">Source: krebsonsecurity.com</figcaption></figure><p>"This was absolutely a breach," said Huge Networks' CEO in a statement. "We believe a competitor is trying to ruin our reputation." However, security researchers who have tracked the attacks since 2019 disagree: "The evidence points to a sophisticated, persistent actor, not a quick hack-and-tarnish job."</p><h2>Background</h2><p>For years, massive DDoS attacks have battered Brazilian ISPs, but the source remained a mystery. That changed when a trusted source shared an archive found in an open directory. It contained Portuguese-language Python malware and the private SSH keys of Huge Networks' CEO.</p><p>Huge Networks, founded in 2014 and headquartered in Miami with operations in Brazil, started out providing DDoS protection for game servers. It grew into an ISP-focused mitigation provider with no public abuse complaints. The CEO insists the company is clean.</p><h2>How the Attack Worked</h2><p>The archive shows the threat actor had root access to Huge Networks' infrastructure. They scanned the internet for <a href="#insecure-router">insecure routers</a> and misconfigured <a href="#dns-reflection">DNS servers</a>. These devices were then used to build a botnet for amplified attacks.</p><p id="dns-reflection">DNS reflection attacks exploit servers that answer queries from anywhere. 
Attackers spoof requests to appear from the target, and the DNS responses can be 70 times larger than the query. Combined with thousands of compromised routers, the result is devastating bandwidth floods.</p><figure style="margin:20px 0"><img src="https://krebsonsecurity.com/wp-content/uploads/2026/04/tpllink-ax21.png" alt="Brazilian Anti-DDoS Firm Hacked, Used as Botnet Base for Attacks on ISPs" style="width:100%;height:auto;border-radius:8px" loading="lazy"><figcaption style="font-size:12px;color:#666;margin-top:5px">Source: krebsonsecurity.com</figcaption></figure><p>The malware discovered was in Portuguese, suggesting a Brazilian origin. The SSH keys allowed the attacker to maintain persistent access without detection.</p><h2>What This Means</h2><p>This revelation shakes trust in DDoS mitigation providers. If a company specializing in defense can be weaponized, ISPs must reconsider their partners. The breach also exposes the widespread insecurity of consumer routers in Brazil, many of which have default passwords left unchanged.</p><p>Security experts urge immediate action: change router credentials, disable remote management, and audit any third-party access. Huge Networks faces a reputation crisis, but the real damage is to the Brazilian ISPs that suffered years of attacks — and to their customers who experienced outages.</p><p>"This is a textbook case of how an insider threat or a breach can turn a defender into an attacker," said one researcher. "It should be a wake-up call for the entire industry."</p>
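<p>Added example (not from the original article): the DNS reflection pattern described above leaves a recognizable trace in an ISP's flow data, namely large UDP responses from port 53, arriving from many servers, that the receiving host never requested. The Python code below flags such hosts; the flow-record layout, the thresholds and the sample addresses are constructed assumptions.</p>

```python
from collections import defaultdict

# Constructed sample flow records (not data from the article):
# (timestamp, src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    (0.0, "198.51.100.10", 40000, "192.0.2.53", 53, "udp", 60),   # real query
    (0.1, "192.0.2.53", 53, "198.51.100.10", 40000, "udp", 180),  # its answer
    (1.0, "203.0.113.1", 53, "198.51.100.20", 31337, "udp", 4200),
    (1.0, "203.0.113.2", 53, "198.51.100.20", 31337, "udp", 4200),
    (1.1, "203.0.113.3", 53, "198.51.100.20", 31337, "udp", 4200),
    (1.1, "203.0.113.4", 53, "198.51.100.20", 31337, "udp", 4200),
    (2.0, "192.0.2.53", 53, "198.51.100.30", 40001, "udp", 500),  # stray late reply
]


def find_reflection_victims(flows, min_reflectors=3, min_bytes=10_000, max_wait=5.0):
    """Return {host: (distinct_reflectors, unsolicited_bytes)} for hosts that
    receive DNS responses they did not ask for, above both thresholds.

    Thresholds and max_wait (seconds a query stays answerable) are assumed
    defaults; tune them to the network being monitored.
    """
    pending = {}                   # (client, client_port, server) -> query time
    reflectors = defaultdict(set)  # host -> servers that sent unsolicited data
    volume = defaultdict(int)      # host -> unsolicited response bytes
    for ts, src, sport, dst, dport, proto, size in sorted(flows):
        if proto != "udp":
            continue
        if dport == 53:
            # Outbound query (server-to-server traffic also lands here).
            pending[(src, sport, dst)] = ts
        elif sport == 53:
            asked = pending.get((dst, dport, src))
            if asked is not None and ts - asked <= max_wait:
                continue           # answer to a query we actually saw
            reflectors[dst].add(src)
            volume[dst] += size
    return {
        host: (len(servers), volume[host])
        for host, servers in reflectors.items()
        if len(servers) >= min_reflectors and volume[host] >= min_bytes
    }


if __name__ == "__main__":
    for host, (count, total) in find_reflection_victims(SAMPLE_FLOWS).items():
        print(f"{host}: {total} unsolicited DNS bytes from {count} servers")
```

<p>The source addresses in the flagged flows are the misconfigured DNS servers being abused as reflectors, which makes the same output a notification list for their operators.</p>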