As the FBI dismantles one botnet, criminal actors swiftly seize control of thousands of devices to create even more powerful networks capable of crippling entire countries.

The FBI recently disrupted a massive botnet used in some of the largest online attacks to date, but the takedown may have inadvertently freed up thousands of hacked devices for new cybercriminals. These devices, once controlled by the FBI, were quickly claimed by rival botnet operators, including the Aisuru group, which has already launched attacks that set new records for intensity. One such attack, measured by Cloudflare, reached an astonishing 11.5 trillion bits of junk data per second—enough to overwhelm the bandwidth of over 50,000 consumer internet connections. This attack, classified as a distributed denial-of-service (DDoS), was declared a “world record” in terms of intensity by Cloudflare.

Experts warn that these botnets, composed of internet-connected devices such as routers, security cameras, and smart TVs, are becoming increasingly powerful and difficult to defend against. Unlike traditional botnets that rely on compromised PCs, these newer networks can harness the speed and bandwidth of modern devices, enabling attacks that target not just websites but entire internet infrastructures. With the rise of botnets like Aisuru and ResHydra—estimated to include tens of millions of devices—cybersecurity professionals fear that the scale of these attacks could reach levels capable of causing national-level disruption.

The Aisuru botnet, for instance, has already seized control of more than one-fourth of the 95,000 devices previously held by the dismantled botnet, launching attacks that are “breaking records” in terms of both speed and intensity. These attacks are often brief, lasting only seconds, but they serve as demonstrations of the botnet’s capabilities, likely representing just a fraction of its total available bandwidth. According to Nokia’s Deepfield division, the attacks are so powerful that they could potentially target internet connectivity itself, disrupting large swaths of the internet.

The threat is not limited to Aisuru. Another botnet, ResHydra, has grown to include tens of millions of devices, according to Lumen’s Black Lotus Labs. Harnessing a botnet of that size, experts say, could “do extreme damage to a country.” This is a stark evolution from earlier botnets, which typically included tens of thousands of devices, making them easier to defend against.

As reliance on digital infrastructure grows, the threat of botnet-driven attacks is evolving into a new form of warfare. Russia’s intelligence service, the GRU, used DDoS attacks on Ukraine’s financial services industry as a way to cause disruption ahead of its 2022 invasion, according to U.K. authorities. This highlights the potential for botnets to be used as tools of geopolitical conflict.

In addition to state-sponsored cyber warfare, the rise of these botnets has also raised concerns about the potential for large-scale cybercrime. One of the most infamous botnets, known as Mirai, was initially used to launch massive DDoS attacks on major websites in 2016. Mirai was built using vulnerable IoT devices, such as webcams and routers, which were infected with malware and then used to overwhelm servers with traffic. The Mirai botnet was responsible for one of the largest DDoS attacks in history, which took down major websites including Netflix, Twitter, and Reddit.

Today, the landscape is even more dangerous. Botnets like Aisuru and ResHydra are not only larger but also more sophisticated, leveraging advanced malware and encryption techniques to avoid detection. These botnets can be controlled remotely by cybercriminals from anywhere in the world, making it extremely difficult for law enforcement to track down and dismantle them.

The scale of these botnets is also growing rapidly. For example, a botnet previously operated by a 22-year-old Oregon man, which had shut down the X social media platform earlier this year, was reportedly composed of over 10 million devices. That botnet, which was dismantled by the FBI in August, had grown from 74,000 Android devices in 2023 to over 10 million devices in just two years. According to a July Google court filing, the botnet was being used to click billions of Google advertisements in an ad fraud scheme, but it had the potential to be used for more dangerous cybercrimes, such as ransomware attacks or large-scale DDoS attacks.

As the scale and power of botnets continue to grow, the need for stronger defenses, better collaboration between law enforcement and private sector entities, and more robust international cooperation has never been more urgent. Cybersecurity experts are calling for increased investment in network resilience, better regulation of IoT devices, and more aggressive efforts to track down and dismantle botnets before they can be used for large-scale attacks.

With the FBI and tech companies struggling to keep pace, the question remains: how can businesses and governments prepare for the next generation of cyber threats?
