ACCORDING to Krebs on Security, a Brazilian tech firm that specialises in network protection has been linked to enabling a botnet used in an extended campaign of massive DDoS attacks against Brazilian ISPs. The exposed file archive allegedly contained private SSH keys belonging to Huge Networks’ chief executive, Erick Nascimento, and detailed how a Brazil‑based threat actor maintained root access to the company’s infrastructure to build a powerful botnet targeting insecure routers and DNS servers.
The attacks focused on Brazilian IP address ranges, using DNS reflection and amplification to magnify the impact, with scripts invoking TP-Link Archer AX21 devices that remained vulnerable to CVE-2023-1389. Nascimento says the activity resulted from a security breach and that he did not author the attack software, noting he had notified upstreams about large DDoS events and that the compromised servers were subsequently wiped and keys rotated.
The article also recalls a Mirai-based DDoS incident in May 2025 that Krebs on Security described as one of the largest mitigations, with Nascimento suggesting a competitor may be responsible.