Security Experts:

Connect with us

Hi, what are you looking for?



Powerful ‘Mantis’ DDoS Botnet Hits 1,000 Organizations in One Month

Web protection firm Cloudflare warns that a small but powerful botnet has launched distributed denial-of-service (DDoS) attacks on roughly 1,000 organizations over the past month alone.

Web protection firm Cloudflare warns that a small but powerful botnet has launched distributed denial-of-service (DDoS) attacks on roughly 1,000 organizations over the past month alone.

Dubbed Mantis, the botnet is responsible for a record-breaking 26 million requests per second (RPS) HTTPS DDoS attack observed in June, and it has since continued to display strength, with more than 3,000 attacks launched over the past several months.

Mantis is small, being powered by approximately 5,000 bots, but the fact that these are compromised virtual machines and powerful servers gives the botnet much more strength than its size would suggest.

“The Mantis botnet was able to generate the 26M HTTPS requests per second attack using only 5,000 bots. That’s an average of 5,200 HTTPS RPS per bot,” Cloudflare product manager Omer Yoachimik notes.

Yoachimik also points out that launching DDoS attacks over HTTPS is highly expensive in terms of computational resources, because they require establishing secure TLS encrypted connections.

“Mantis is the next evolution of the Meris botnet. The Meris botnet relied on MikroTik devices, but Mantis has branched out to include a variety of VM platforms and supports running various HTTP proxies to launch attacks,” Yoachimik explains.

Meris is believed to have launched record-breaking attacks last year, including a 22 million RPS DDoS assault at the beginning of September 2021, when it had roughly 200,000 bots, and a 17.2 million RPS attack two weeks before.

According to Cloudflare, the new Mantis botnet has also contributed to a spike in the number of HTTP DDoS attacks observed over the past month, being responsible for no less than 3,000 such assaults.

Most of these attacks (36%) targeted the internet and telecommunication sector, with the news, media, and publishing industry being the botnet’s second favorite target, followed by the gaming and finance sectors.

Sectors targeted by Mantis DDoS botnet

More than 20% of the targets were organizations in the United States and roughly 15% were Russian companies. Turkey, France, and Poland rounded up the top five list, with roughly 5% each.

Related: MikroTik Confirms Mēris Botnet Targets Routers Compromised Years Ago

Related: Small Botnet Launches Record-Breaking 26 Million RPS DDoS Attack

Related: Cloudflare Customer Targeted in Record HTTPS DDoS Attack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...