AISURU Botnet Launches Multi-Wave DDoS Attack on Steam Servers
On August 24, the Steam platform experienced a sudden outage, leading to widespread complaints from players around the world who were unable to access their accounts. Initially, many users speculated that the incident was caused by a surge in players for the popular game Black Myth: Wukong. However, it was later revealed that the true cause was a massive DDoS attack on Steam’s servers.
According to Perfect World, the attack affected both Steam’s international servers and the company’s servers in China. In total, 107 server IP addresses across 13 countries, including the USA, China, Japan, Germany, and others, were targeted. The attack was meticulously planned and executed in four waves, each timed to coincide with peak player activity in different time zones, maximizing the disruption to the platform.
The XLab research team, which specializes in analyzing cyber threats, discovered that over 60 botnet control nodes were involved in coordinating the actions of thousands of infected devices during the attack. XLab identified the primary source of the attack as a botnet named AISURU, which, according to its operators, consisted of approximately 30,000 bots and had an attack capacity of up to 2 terabits per second.
The incident coincided with the release of Black Myth: Wukong on the Steam platform, raising suspicions that the attack might have been aimed at undermining the Chinese gaming market. Before this incident, serious attacks on Perfect World’s servers had not been recorded.
The AISURU botnet has gained notoriety in the cybercriminal community for its powerful attacks. This botnet, which evolved from the previously discovered Fodcha, exploited numerous vulnerabilities to hijack devices and organize attacks. AISURU continued to employ strategies from its predecessor but also introduced innovations in encryption and network communications.
For the attack, AISURU used a sophisticated bot management system and encrypted commands to coordinate its actions. Analysis revealed that the botnet utilized various protocols to bypass security systems and was capable of adapting to new threats.
This event demonstrated that DDoS attacks remain a significant threat to major online services, despite their long history. The AISURU attack, which played a key role in disrupting the platform’s operations, was one of the largest in recent times and caused significant disruption across the global gaming industry.