{ "id": "f561b3aa-2f38-4808-b8b9-11435a6fcc28", "created_at": "2026-04-23T02:55:11.006157Z", "updated_at": "2026-04-25T02:18:33.935564Z", "deleted_at": null, "sha1_hash": "62611882936bfa19cdd71a4c171ae0ee0a1535e3", "title": "Steam, Riot Games hit by disruptions: massive DDoS attack suspected", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 49570, "plain_text": "Steam, Riot Games hit by disruptions: massive DDoS attack\r\nsuspected\r\nBy Don't miss our latest stories on Google News. Add us as your Preferred Source on Google\r\nPublished: 2025-10-07 · Archived: 2026-04-23 02:33:54 UTC\r\nMultiplayer gamers on different platforms have experienced service outages and disruptions simultaneously.\r\nThe cybersecurity community suspects a major distributed denial of service attack (DDoS) from Aisuru, a\r\nmassive botnet pushing out record-breaking traffic.\r\nDowndetector users are reporting widespread problems affecting Steam and Riot Games, two of the world’s\r\nlargest gaming platforms. Gamers complain about being unable to play major titles, such as Counter-Strike, Dota\r\n2, Valorant, League of Legends, and many others.\r\ndisruptions-downdetector\r\nImage by Downdetector.\r\nOutage reports began surging around 8:00 PM EDT on October 6th, with thousands of users mentioning losing\r\nserver connections. The brief disruptions have recurred several times since.\r\nRiot Games' status page confirmed critical game disconnection issues, affecting gamers on all major platforms:\r\nWindows, macOS, iOS, and Android.\r\n“We’re aware of a problem causing players to disconnect from their games and have disabled ranked queues while\r\nwe investigate,” the alert reads.\r\nlol-disruptions\r\nThe disconnection issues prompted the developer to disable ranked games.\r\nThe issues also seem to be affecting other major platforms, including non-gaming ones. More reports than usual\r\nwere received about issues affecting PlayStation Network, Epic Games, Hulu, AWS, xfinity, Cox, and other\r\nservices.\r\nMassive DDoS attack suspected\r\nWhile official confirmations are still pending, many cybersecurity experts attribute the disruptions to a massive\r\nDDoS attack, allegedly from Aisuru, which is likely the largest currently operating botnet.\r\n“Attackers began a series of sophisticated TCP carpet bomb attacks that aim to replicate legitimate traffic as\r\nclosely as possible. This is one of the more advanced attack vectors we’ve seen, and we worked quickly to\r\ndevelop a patch and ship it out globally,” one cyber defender’s alert was quoted on Reddit.\r\nhttps://cybernews.com/security/steam-riot-gaming-services-hit-by-disruptions-ddos-suspected/\r\nPage 1 of 3\n\nCybercrime news reporter vxdb on X reported about the DDoS attack, likely originating from the Aisuru botnet,\r\nthat had shattered all previous records: the bandwidth reached 29.69 terabits per second (Tbps).\r\nThe previous record was 22.2 Tbps – a DDoS attack on September 23rd, blocked by Cloudflare, was twice as\r\nlarge as anything seen on the internet before.\r\nThe Aisuru botnet, first discovered by XLab researchers in August 2024, has been growing ever since and has\r\nrepeatedly broken records. In May, it attacked KrebsOnSecurity, a cybersecurity blog, with a 6.3 terabit per\r\nsecond data rate. This September, the attacks peaked at 11.5Tbps.\r\nAccording to XLab, this mega botnet spreads by compromising vulnerable internet-connected devices, such as A-MTK cameras, D-Link, Linksys, and other routers, gateways, DVRs, and others. The latest estimates suggest that\r\nthe botnet controls around 300,000 nodes.\r\nThe group behind Aisuru seems highly organized. It employs advanced techniques to evade detection and\r\nmaintain control of the infected systems. The researchers also noted attempts to convey certain ideological\r\ncontent.\r\n“The Aisuru botnet has launched attacks worldwide, spanning multiple industries. Its primary targets have been\r\nlocated in regions such as China, the United States, Germany, the United Kingdom, and Hong Kong. The attacks\r\nshow no strong signs of selectivity, with several hundred targets hit on a daily basis,” XLab warned.\r\nThis massive cybercrime infrastructure now also seems to be exploited for proxy services.\r\nUnlock more exclusive Cybernews content on YouTube.\r\nhttps://cybernews.com/security/steam-riot-gaming-services-hit-by-disruptions-ddos-suspected/\r\nPage 2 of 3\n\nSource: https://cybernews.com/security/steam-riot-gaming-services-hit-by-disruptions-ddos-suspected/\r\nhttps://cybernews.com/security/steam-riot-gaming-services-hit-by-disruptions-ddos-suspected/\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "origins": [ "web" ], "references": [ "https://cybernews.com/security/steam-riot-gaming-services-hit-by-disruptions-ddos-suspected/" ], "report_names": [ "steam-riot-gaming-services-hit-by-disruptions-ddos-suspected" ], "threat_actors": [ { "id": "75108fc1-7f6a-450e-b024-10284f3f62bb", "created_at": "2024-11-01T02:00:52.756877Z", "updated_at": "2026-04-25T02:00:04.057671Z", "deleted_at": null, "main_name": "Play", "aliases": null, "source_name": "MITRE:Play", "tools": [ "Nltest", "AdFind", "PsExec", "Wevtutil", "Cobalt Strike", "Playcrypt", "Mimikatz" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1776912911, "ts_updated_at": 1777083513, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/62611882936bfa19cdd71a4c171ae0ee0a1535e3.pdf", "text": "https://archive.orkl.eu/62611882936bfa19cdd71a4c171ae0ee0a1535e3.txt", "img": "https://archive.orkl.eu/62611882936bfa19cdd71a4c171ae0ee0a1535e3.jpg" } }