A new distributed DDoS botnet that kept hammering Russian internet giant Yandex for the past month, the attack peaking at the unprecedented rate of 21.8 million requests per second.

The botnet received the name Mēris, and it gets its power from tens of thousands of compromised devices that researchers believe to be primarily powerful networking equipment.

News about a massive DDoS attack hitting Yandex broke this week in the Russian media, which described it as being the largest in the history of the Russian internet, the so-called RuNet with striking force of more than 30,000 devices

The assaults on Yandex servers relied on about 56,000 attacking hosts. The number of compromised devices may be closer to 250,000, researchers noted. L2TP tunnels are used for internetwork communications

The difference between the attacking force and the total number of infected hosts forming Mēris is explained by the fact that the administrators do not want to parade the full power of their botnet. The compromised hosts in Mēris are highly capable devices that require an Ethernet connection.

Mēris is the same botnet responsible for generating the largest volume of attack traffic that Cloudflare recorded and mitigated to date, as it peaked at 17.2 million requests per second (RPS). Mēris botnet broke that record when hitting Yandex, as its flux on September 5 reached a force of 21.8 million RPS.

The botnet’s history of attacks on Yandex begins in early August with a strike of 5.2 million RPS and kept increasing in strength:

2021-08-07 – 5.2 million RPS
2021-08-09 – 6.5 million RPS
2021-08-29 – 9.6 million RPS
2021-08-31 – 10.9 million RPS
2021-09-05 – 21.8 million RPS