Destruction of Aisuru and Kimwolf Botnets Failed to Stop DDoS Attacks

Cybersecurity experts note that the dismantling of the Aisuru and Kimwolf botnets has not yielded the expected long-term results. Despite these networks, which controlled over 3 million devices, being neutralized by international law enforcement agencies in late March 2026, the situation regarding DDoS attacks in Russia has remained virtually unchanged. This is reported by Ixbt.com report .

According to StormWall analytics, while a 26% drop in activity was observed in April, a sharp increase was recorded in May. The number of attacks rose by 94% compared to March, indicating that cybercriminals quickly restored their capabilities. Although the total number of application layer (L7) attacks decreased, their peak power increased significantly.

Hackers have changed their tactics, shifting to massive, short-duration strikes. The number of attacks lasting up to 15 minutes increased more than 30-fold. In May, 121 major attacks sending over 100,000 requests per second were recorded, a record for the last three months. At the same time, the geography of bot traffic sources has also changed.

The Philippines, Vietnam, and Russia have now entered the top five sources of bot traffic. Attacks from Philippine IP addresses increased by 959%, and those from Vietnam by 750%. According to StormWall founder Ramil Khantimirov, while the destruction of major botnets damaged the groups, it did not prevent hackers from rapidly regrouping.

Experts predict that both the number and power of DDoS attacks will continue to grow in the future. The US and Brazil remain leaders in attack sources, indicating that part of the dangerous infrastructure is still active.