Did Anonymous Just Hijacked Thousand of Routers?


New confirmation proposes that Anonymous has started utilizing malware infected home routers to dispatch Distributed Denial of Service attacks against different targets, especially in the most recent few months. That is the decision of another report from the security firm Incapsula, which started recognizing contaminated frameworks in the December of 2014.


Image Source: Incapsula – Graph showing the history of DDoS attacks from routers infected with Mr Black malware

According to the security firm, the assaults it has logged have come to a great extent from ARM based SOHO (small office or home office) routers in light of Ubiquiti design. In 2013, Ubiquiti gadgets were found to have a noteworthy security imperfection that permitted passwords and other information to be snooped from the equipment; however this adventure seems to have obliged a physical association with the router. What Incapsula found was far worse, with numerous Ubiquiti routers which seemed to have empowered HTTP and SSH logins of course were utilizing merchant gave standard certifications. This tech company targets developing nations for its equipment, which clarifies the overwhelming focus in East Asia.

The routers Incapsula inspected were stacked with a normal of 4 variations of Mr Black, a DDoS program – around one hundred and thirty seven variations of Mr Black were detected. Other DDoSing programs included DoFloo, Mayday and also Skynet, a remote accessing tool (RAT) or program.


Image Source: Incapsula – Graph showing top attacking countries, by number of IPs present

Furthermore, with the current situation United States is serving as the command and control head, with most of the routers dispatching the assaults situated in Thailand and Brazil all eighty five percent of them. The command and control servers were found generally in China, yet the United States represented a noteworthy minority offer, at twenty one point seven percent.

The Twist on Anonymous

If we look at the article in Daily Dot – specifically at the publications that do not have a previous version of the embedded report which tells us that the botnet routs to irc (dot) anonops (dot) com and this information has been removed in the current publication. But thanks to the publication platform Scribd you can still view the old version of the report.

We still do not know why was Anonymous highlighted or what the connection with Anonymous and MrBlack malware. It is surely conceivable that a few people who call themselves “Anonymous” are only the ones abusing router security for their own particular increase.

SourceIncapsulaDaily DotAnonOps

You want to discuss a certain topic with likeminded people or you want to organize a local protest or you have an idea for a project that can help people in need in your local community or all around the world? Join our forum! www.anonboards.com

You want to support Anonymous Independent & Investigative News? Please, follow us on Twitter: 


Get Your Anonymous T-Shirt / Sweatshirt / Hoodie / Tanktop, Smartphone or Tablet Cover or Mug In Our Spreadshirt Shop! Click Here



  1. its a malicious and stupid security reports.. DOES IT MEANS, THAT culprits in the DDOS attacks includes all ANONYMOUS, such as those we seen at the quotes.?
    i laugh the first time i read the report.. but it make me angry and sad afterwards,, coz its a dangerous things that supposed “SECURITY EXPERTS” are dumb and stupid to maliciously highlights the ANONYMOUS, short of accusing the ANONYMOUS group as the same individual ANONYMOUS doing backdoor works at the shortcomings of those products..

  2. People are trying to distract you,, anonymous is telling the truth about stuff, people just want you to think otherwise x

  3. Yes there will be those that try to discredit you but to hell with them at least you sentient beings have valour and compassion for all without intent.


Please enter your comment!
Please enter your name here