.svg){kind=spacer}
June 22, 2026
In brief
KrebsOnSecurity reports that Huge Networks, a Brazilian company specializing in DDoS protection, had infrastructure and CEO-owned SSH keys linked to a botnet used in major DDoS attacks against Brazilian ISPs. An exposed file archive contained Portuguese-language Python attack tools, command histories, and private keys, showing how the attacker scanned for vulnerable TP-Link Archer AX21 routers and misconfigured DNS servers to build amplification and reflection attacks. The campaigns were focused on Brazilian IP ranges and used multiple Huge Networks addresses during targeting and execution.
Huge Networks CEO Erick Nascimento denied involvement, saying the activity stemmed from a January 2026 compromise of development systems and personal SSH keys, possibly by a competitor trying to damage the company’s reputation. He said the company wiped affected systems, rotated keys, and hired a third-party forensics firm. The article places the case in a wider pattern where DDoS mitigation businesses and Mirai-based botnets have sometimes overlapped, including previous cases where companies offering protection were also tied to attacks that created demand for their services.
Source: KrebsOnSecurity
