How do you get the word out when you’ve built one of the most powerful tools for cyberattacks in history? You can’t take out a Super Bowl ad for your services. But you can launch one of the biggest DDoS attacks the world has ever seen on one of the most popular cybersecurity news sites online.
That’s exactly what happened when KrebsOnSecurity was attacked last month by what appears to be Aisuru, a global collection of hacked Internet of Things (IoT) devices. Brian Krebs’ site stayed online throughout, thanks to its enrollment in Project Shield. But the attempted denial of service acted like a banner ad for how powerful Aisuru’s tool has become.
About the Attack
Krebs’ site was targeted by a 6.3 Tbps DDoS assault in May 2025. It’s not the first time he’s been the target of such a campaign. In 2016, the Mirai IoT botnet knocked KrebsOnSecurity offline for nearly four days, prompting widespread headlines and concern about the vulnerability of core internet infrastructure.
This time, the attack appears to be a “test run,” as Krebs described it, for Aisuru, a new botnet made up of hacked DVRs, routers, and other unsecured IoT devices. The goal wasn’t just to take KrebsOnSecurity offline. It was to prove that it could.
In cybercrime, proof is everything. These kinds of demonstrations often act as live advertisements for services sold on the dark web. Aisuru, which Krebs calls a “digital siege machine,” is openly selling access to its botnet for prices ranging from $150 per day to $600 per week. It promises massive for-hire DDoS attacks of up to two terabits per second, with just one condition: no targeting healthcare facilities, schools, or government websites. Honor among thieves, apparently.
How the Attack Was Mitigated
Despite the size of the attack, KrebsOnSecurity remained online continuously. That’s thanks to Project Shield, a free service from Google that protects at-risk websites from DDoS attacks.
Project Shield works by sitting between a user’s browser and the site, filtering malicious traffic before it ever reaches the server. It’s designed specifically for journalists, election monitoring groups, and other vulnerable organizations. After the 2016 Mirai incident, Krebs enrolled his site in Project Shield. That decision paid off.
When the Aisuru attack hit, Project Shield absorbed it automatically, allowing Krebs’ site to continue operating without interruption. The service is free and open to eligible organizations, which can apply to enroll.
Consequences
If the attack failed, does the attempt even matter? The answer is yes. Even though the site stayed online, the attackers likely achieved their main objective: proving that their botnet works. In the underground economy of cybercrime, a high-profile, high-bandwidth test run is more effective than any brochure or commercial.
This incident was less about disruption and more about marketing. And it worked. Aisuru has now shown it can launch DDoS attacks rivaling or exceeding those mitigated by top-tier cybersecurity firms like Cloudflare. That makes it a dangerous player, not only because of what it can do, but because of how easy it’s becoming for others to rent and use it.
It’s also a reminder that protecting the internet’s public square can’t be an afterthought. The tools used to keep Krebs online are available but not automatic. Someone has to install them. Someone has to know they exist.
And someone has to remember that in cybersecurity, being ready is the difference between a warning shot and a takedown.
If you need help assessing your vulnerability to DDoS attacks, reach out to Asylas at 615-622-4591 or email info@asylas.com.