Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

Brazilian DDoS protection firm Huge Networks is under scrutiny after leaked files linked its infrastructure and CEO’s credentials to a botnet targeting regional internet service providers across Brazil.

Key Points

  • An exposed archive revealed Python scripts and private SSH keys, belonging to Huge Networks CEO Erick Nascimento, that were used to orchestrate massive DDoS attacks.
  • The botnet exploited the CVE-2023-1389 vulnerability in TP-Link Archer AX21 routers to enlist devices into a Mirai-based malware network.
  • Attackers utilized DNS reflection techniques to amplify traffic, specifically targeting Brazilian IP address ranges with short, high-intensity bursts of malicious data.
  • CEO Erick Nascimento claims the activity resulted from a January 2026 security breach involving a compromised jump server and a legacy personal droplet.
  • Huge Networks has hired a third-party forensics firm to investigate the intrusion, while Nascimento alleges a competitor orchestrated the breach to damage his company's reputation.

Why it Matters

This incident highlights the significant security risks posed when infrastructure providers suffer internal compromises, potentially turning defensive tools into offensive weapons. It also underscores the ongoing threat of Mirai-based botnets, which continue to leverage unpatched IoT vulnerabilities to disrupt critical regional internet services.

Source: Krebs on Security, published by BrianKrebs