Eleven11bot Unleashes State-Backed DDoS Attacks on Global Telecoms

Tern plc

A stealthy yet highly disruptive botnet named Eleven11bot is rapidly becoming one of the most sophisticated cyber threats of 2025. With origins suspected in Iran and an escalating focus on disrupting global telecommunications, this Mirai-variant malware has already infected tens of thousands of devices. Investors in tech and cybersecurity should take serious note—this botnet is more than just another name on the threat landscape.

Discovered in late February 2025 by Nokia’s Deepfield Emergency Response Team, Eleven11bot has swiftly become a high-priority threat across the cybersecurity sector. Though new, its impact has been immediate and alarming. With over 86,000 infected Internet of Things (IoT) devices, it has scaled up Distributed Denial-of-Service (DDoS) attacks targeting sensitive digital infrastructure.

Eleven11bot is a variant of the Mirai botnet, but it brings new sophistication. It exploits vulnerabilities in HiSilicon-based IoT devices—common in security cameras and network video recorders—allowing it to spread quickly and strike hard. The scope and precision of its attacks indicate the work of a highly capable operator, and cyber intelligence circles are increasingly convinced it is the product of a state-backed initiative.

The botnet has focused its energy on telecommunications targets, disrupting latency-sensitive services such as VoIP and cloud gaming. This behaviour is not random. The careful selection of targets, coupled with the use of encrypted command-and-control infrastructure to deploy attack payloads, is characteristic of advanced persistent threat (APT) actors. Furthermore, nearly two-thirds of the IP addresses tied to the botnet have been traced to Iran, supporting the suspicion that this is a state-aligned operation.

The broader context cannot be ignored. Since Russia’s 2022 invasion of Ukraine, there has been a significant uptick in geopolitical cybercrime. The World Economic Forum’s Global Risks Report 2025 highlighted state-sponsored cyberattacks as a top short-term global risk. Confirming these concerns, the UK’s National Cyber Security Centre (NCSC) has identified Iran, China, Russia and North Korea as leading threats to national cybersecurity.

Eleven11bot’s methods are not groundbreaking, but its scale and strategic targeting make it unusually dangerous. It leverages common security failings—specifically, default or weak passwords on IoT devices. The majority of infected systems are found in countries with high IoT penetration, including the United States, United Kingdom, Canada, Mexico, and Australia.

For investors, this threat reinforces the urgency of increased security spending and the importance of companies that offer robust mitigation tools. There is a clear and growing market for services that can detect, prevent, and respond to botnet activity—particularly for enterprise networks and telecom infrastructure.

From a practical standpoint, the mitigation steps are clear. Device owners and network operators must ensure all IoT endpoints are updated with the latest firmware, especially those using HiSilicon chipsets. They should disable unnecessary remote access features like Telnet and SSH and change default login credentials immediately. Implementing network-level security such as firewalls and intrusion prevention systems (IPS) to block traffic from known malicious IPs is also essential.

Segregating IoT networks from critical infrastructure limits the scope of any potential breach, while deploying SIEM tools enables early detection of anomalous behaviour—such as brute force login attempts or unexpected data transmissions. Finally, strengthening DDoS mitigation frameworks will be key in withstanding future attacks from this and other evolving threats.
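The following is an added example, not part of the original article: a minimal Python version of the SIEM-style rule described above, flagging brute-force bursts against Telnet or SSH on IoT devices and any successful login that follows one. The log format, device names, addresses, window and threshold are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: timestamp, source IP, device, service, result.
SAMPLE_LOG = """\
2025-03-01T10:00:01 203.0.113.7 cam-01 telnet FAIL
2025-03-01T10:00:03 203.0.113.7 cam-01 telnet FAIL
2025-03-01T10:00:05 203.0.113.7 cam-01 telnet FAIL
2025-03-01T10:00:07 203.0.113.7 cam-01 telnet FAIL
2025-03-01T10:00:09 203.0.113.7 cam-01 telnet FAIL
2025-03-01T10:00:11 203.0.113.7 cam-01 telnet OK
2025-03-01T10:05:00 198.51.100.9 nvr-02 ssh FAIL
2025-03-01T10:09:00 198.51.100.9 nvr-02 ssh FAIL
2025-03-01T10:09:30 198.51.100.9 nvr-02 ssh OK
"""

WINDOW = timedelta(seconds=60)       # assumed sliding window
THRESHOLD = 5                        # assumed failures per window before alerting
REMOTE_SERVICES = {"telnet", "ssh"}  # remote access services named in the article

def parse(line):
    ts, src, device, service, result = line.split()
    return datetime.fromisoformat(ts), src, device, service, result

def detect(log_text):
    """Return a sorted list of (alert_kind, source_ip, device) tuples."""
    failures = defaultdict(deque)  # (src, device) -> timestamps of recent failures
    bursting = set()               # pairs that have crossed the threshold
    alerts = set()
    for line in log_text.strip().splitlines():
        ts, src, device, service, result = parse(line)
        if service not in REMOTE_SERVICES:
            continue
        key = (src, device)
        if result == "FAIL":
            q = failures[key]
            q.append(ts)
            while ts - q[0] > WINDOW:  # drop failures older than the window
                q.popleft()
            if len(q) >= THRESHOLD:
                bursting.add(key)
                alerts.add(("brute_force", src, device))
        elif result == "OK" and key in bursting:
            # Success after a burst suggests a guessed or default password.
            alerts.add(("login_after_brute_force", src, device))
    return sorted(alerts)
```

A `login_after_brute_force` alert is the one to escalate first: the device should be isolated, its credentials changed and its firmware checked, in line with the steps above.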

Eleven11bot may still be in its early stages, but it represents a broader trend in cybersecurity: the weaponisation of everyday internet-connected devices for geopolitical ends. This is not just a technical issue but a business-critical risk, particularly for industries reliant on low-latency digital services.

Tern plc (LON:TERN) backs exciting, high growth IoT innovators in Europe. They provide support and create a genuinely collaborative environment for talented, well-motivated teams.
