Mantis botnet responsible for record-breaking Cloudflare attacks

Ryan Daws is a senior editor at TechForge Media with over a decade of experience in crafting compelling narratives and making complex topics accessible. His articles and interviews with industry leaders have earned him recognition as a key influencer by organisations like Onalytica. Under his leadership, publications have been praised by analyst firms such as Forrester for their excellence and performance. Connect with him on X (@gadget_ry) or Mastodon (

A botnet called Mantis has been linked to record-breaking attacks targeting Cloudflare customers.

Last month, Cloudflare said that it successfully mitigated a record-breaking DDoS attack of 26 million requests per second. Just a couple of months earlier, Cloudflare reported that it mitigated a previous record-breaking attack of 15.3 million requests per second.

Mantis has now been linked to both attacks.

For the attacks, the majority of traffic originated from Indonesia. Other large attack traffic source countries were Brazil, Russia, and India. In the past month alone, over 3,000 HTTP DDoS attacks have been launched against Cloudflare customers.

While previous record-setting DDoS attacks have predominately originated from botnets that have taken advantage of the rapid proliferation of IoT devices, the latest attacks have increased their volume by compromising far more powerful machines.

Cloudflare’s Omer Yoachimik said the attack last month “originated mostly from cloud service providers as opposed to residential internet service providers, indicating the use of hijacked virtual machines and powerful servers to generate the attack—as opposed to much weaker Internet of Things devices.”

In one attack on an unnamed customer last month, more than 212 million HTTPS requests were generated from over 1,500 networks across 121 countries in under 30 seconds.

Here are the industries most targeted by the Mantis botnet:

Over 20 percent of the attacks targeted US companies, followed closely by over 15 percent of Russian firms. Other countries that were also attacked (each targeted in under five percent of cases) include Turkey, France, Poland, Ukraine, and the United Kingdom.

Cloudflare gave Mantis its name due to the shrimp which are small but extremely powerful. Despite being less than 10cm in length, the claws of mantis shrimps can generate a shock wave with a force of 1,500 Newtons at speeds of 83 km/h from a standing start.

“The Mantis botnet operates a small fleet of approximately 5,000 bots, but with them can generate a massive force — responsible for the largest HTTP DDoS attacks we have ever observed,” explained Yoachimik.

(Image Credit: Cloudflare)

Want to learn more about cybersecurity from industry leaders? Check out the Cyber Security & Cloud Expo taking place in Amsterdam, California, and London.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: , , , , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *