Brazilian DDoS Mitigation Firm’s Network Weaponized in Years-Long Attack Campaign, CEO Alleges Sabotage
Brazilian DDoS protection firm Huge Networks' infrastructure was used to launch attacks on Brazilian ISPs for years. CEO claims a competitor caused the breach via stolen SSH keys.
Breaking: DDoS Protection Provider Huge Networks Linked to Botnet Attacking Brazilian ISPs
A Brazilian firm specializing in distributed denial-of-service (DDoS) protection has been implicated in a sustained wave of massive DDoS attacks against other Brazilian network operators, according to documents obtained by KrebsOnSecurity. The company’s CEO claims a security breach allowed a competitor to hijack its infrastructure for the attacks.
"This was a security breach — likely orchestrated by a competitor seeking to damage our reputation," the CEO said in an exclusive statement. "We are cooperating with authorities and have patched the vulnerabilities."
Background: The Campaign and the Exposed Archive
For years, cybersecurity researchers tracked a series of crippling DDoS attacks originating from Brazil and exclusively targeting Brazilian internet service providers (ISPs). The source of the attacks remained unclear until earlier this month, when a confidential source shared a file archive found in an open directory online.
The archive contained Python-based malicious programs written in Portuguese, along with the private SSH authentication keys belonging to Huge Networks’ CEO. Huge Networks, founded in Miami in 2014 but primarily operating in Brazil, evolved from protecting game servers to offering DDoS mitigation services to ISPs.
How the Botnet Operated
The evidence shows an unnamed threat actor maintained root-level access to Huge Networks’ systems. Using that access, the actor constructed a powerful botnet by scanning the internet for vulnerable home routers and unmanaged DNS servers that could be exploited.
These servers were then used in DNS reflection and amplification attacks, a technique where attackers send spoofed DNS queries that appear to come from the target. The responses are many times larger than the original request, amplifying the attack’s impact.
“An attacker can send a 100-byte request and trigger a response 60–70 times larger,” explained a senior threat analyst at a leading security firm who asked to remain anonymous. “Combining that with thousands of compromised devices creates a devastating DDoS storm.”
What This Means
The incident underscores a critical trust issue: DDoS protection companies themselves can become attack vectors if compromised. Hundreds of Brazilian ISPs relying on Huge Networks may have inadvertently had their IP addresses used as ammunition in attacks they were trying to stop.
Security experts urge network operators to verify that their DDoS mitigation partners enforce strict internal security controls. “If a mitigator’s infrastructure is infected, it’s not just a PR problem — it’s a weapon that can be turned against the entire industry,” warned the analyst.
The CEO insists the breach has been contained, but questions remain: was this a one-time intrusion or a long-term compromise? And how many other similar firms are unknowingly hosting botnets? Authorities in Brazil have launched an investigation.