Global Cybercrime Network Hijacks 14,000+ Devices to Build Untraceable Weapon

Cybercriminals have quietly compromised over 14,000 devices worldwide, using them to build a new type of cyber weapon that is exceptionally difficult to defend against. The operation, detailed in a recent report by security firm Lumen, relies on a decentralized network of infected routers—primarily Asus models—to route malicious traffic and evade detection.

How the Botnet Works

The malware, dubbed “KadNap,” operates through a peer-to-peer system. This means there is no central server to shut down, making the botnet highly resilient. The attackers hijack internet-connected devices (routers, smart devices, etc.) and link them together to launch distributed denial-of-service (DDoS) attacks. These attacks overwhelm websites and online services with traffic, effectively taking them offline.

The key advantage of KadNap is its ability to blend in. By routing traffic through ordinary household routers, the attackers bypass conventional security filters. To the average user, the only sign of infection might be slightly slower internet speeds.

Global Reach and Impact

The majority of infected devices are in the United States, but KadNap has also spread to the UK, Australia, Brazil, Russia, and across Europe. The report highlights a growing trend: as more devices connect to the Internet of Things (IoT), the opportunities for exploitation increase.

Threat actors are now building large-scale botnets specifically to hijack these vulnerable devices. Lumen’s report underscores this danger: “As modern society increasingly relies on internet-exposed Internet of Things (IoT) devices, the opportunities for malicious actors to exploit vulnerabilities continue to abound.”

The Doppelganger Connection

KadNap bots are being sold through a service called Doppelganger, which allows users to leverage hijacked devices for various malicious activities. These include brute-force attacks and highly targeted exploitation campaigns. Every IP address associated with this botnet represents a significant and persistent risk to organizations and individuals.

“Their intention is clear: avoid detection and make it difficult for defenders to protect against,” Lumen concludes.

This type of cybercrime demonstrates a shift towards more sophisticated, untraceable methods. Traditional security measures are increasingly ineffective against decentralized botnets that exploit everyday devices. The rise of KadNap underscores the urgent need for stronger cybersecurity practices and proactive threat detection.