Russian internet giant Yandex has been the target of a record-breaking distributed denial-of-service (DDoS) attack by a new botnet called Mēris.
The botnet is believed to have pummeled the company’s web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second (RPS), dwarfing a recent botnet-powered attack that came to light last month, bombarding an unnamed Cloudflare customer in the financial industry with 17.2 million RPS.
Russian DDoS mitigation service Qrator Labs, which disclosed details of the attack on Thursday, called Mēris — meaning “Plague” in the Latvian language — a “botnet of a new kind.”
“It is also clear that this particular botnet is still growing. There is a suggestion that the botnet could grow in force through password brute-forcing, although we tend to neglect that as a slight possibility. That looks like some vulnerability that was either kept secret before the massive campaign’s start or sold on the black market,” the researchers noted, adding Mēris “can overwhelm almost any infrastructure, including some highly robust networks […] due to the enormous RPS power that it brings along.”