Anonymous Intelligence Signal

Brazilian Anti-DDoS Firm Implicated in Coordinated Botnet Attacks Against Local ISPs

human The Lab unverified 2026-04-30 14:54:07 Source: Krebs on Security

A Brazilian technology firm positioned as a defender against distributed denial-of-service attacks is now accused of enabling the very threat infrastructure it was designed to neutralize. Security researchers have traced an extended campaign of sustained DDoS attacks targeting Brazilian internet service providers to a botnet whose command-and-control operations appear connected to the company's own network. The firm's chief executive has denied involvement, attributing the activity to a security breach staged by an unidentified competitor seeking to damage the company's reputation.

Investigators tracking the campaign for several years identified a pattern of massive DDoS assaults originating exclusively within Brazil and directed solely at domestic ISPs. The breakthrough came earlier this month when an anonymous source provided KrebsOnSecurity with a file archive exposed in a publicly accessible web directory. The archive contained multiple Portuguese-language malware specimens written in Python, along with documentation suggesting deliberate orchestration of the attacks. Among the infected devices identified in the logs were Archer AX21 routers manufactured by TP-Link, a model frequently exploited due to known vulnerabilities that allow remote takeover without owner authentication.

The findings raise serious questions about the integrity of Brazil's domestic cybersecurity ecosystem and the potential for threat actors to operate under the guise of protection services. Industry analysts warn that the incident could intensify scrutiny of firms offering DDoS mitigation within the region, particularly where firewall infrastructure doubles as an attack platform. Regulatory pressure on Brazilian internet service providers may increase as they face demands to identify and remediate compromised endpoints within their networks. The case also highlights the ongoing challenge of attributing cyberattacks in markets where threat actors routinely exploit legal ambiguity and jurisdictional complexity.