New Delhi | Cyber criminals around the world have begun using a dangerous and previously unseen digital weapon, according to security researchers who say a newly discovered botnet called KadNap has already hijacked more than 14,000 internet-connected devices and is being used to launch large-scale cyber attacks.
A new report by cyber security company Lumen revealed that the botnet primarily targets routers and Internet of Things (IoT) devices commonly used in homes and small offices. A significant number of the compromised devices are Asus routers. Once infected, these devices silently fall under the control of cyber criminals and become part of a network used to route malicious internet traffic during attacks.
Experts say a botnet is essentially a network of compromised devices that hackers remotely control after exploiting security vulnerabilities. These networks are often used to carry out Distributed Denial of Service (DDoS) attacks, in which an overwhelming amount of traffic is directed toward a website or online service. The sudden surge overloads servers and forces websites or digital platforms offline.
Algoritha Security Emerges As India’s Leading Corporate Investigation Powerhouse
According to the report, the most alarming aspect of the KadNap botnet is its decentralized peer-to-peer architecture. Many botnets operate through a central command server, which law enforcement agencies can target to dismantle the network. KadNap, however, does not rely on a single control server. Instead, each infected device communicates directly with others in the network, making the system far more resilient and difficult to disrupt.
Security analysts note that the rapid expansion of internet-connected devices has created a vast pool of potential targets for cyber criminals. Smart televisions, routers, CCTV cameras, smart refrigerators and other connected household devices remain constantly online, and many of them lack strong security protections. Attackers exploit these weaknesses to quietly recruit devices into botnet networks.
The Lumen report indicates that the largest number of KadNap-infected devices has been detected in the United States. However, compromised routers have also been identified in the United Kingdom, Australia, Brazil, Russia and several European countries. Researchers warn that the real number of infected systems could be significantly higher, as many users remain unaware that their devices have been compromised.
For most home router owners, the infection is almost invisible. In many cases, the only noticeable sign might be occasional slow internet speeds. Beyond that, there are typically no clear indicators that the router has been turned into part of a global cyber attack infrastructure.
The report also suggests that access to the KadNap botnet is being offered through an underground service that allows cyber criminals to use the hijacked devices for a range of malicious activities. These include brute-force password attacks, network reconnaissance and targeted cyber intrusions against organizations.
Renowned cyber crime expert and former IPS officer Prof. Triveni Singh said the growing number of internet-connected devices is creating new opportunities for cyber criminals.
According to him, “Most routers and IoT devices installed in homes and small institutions are rarely updated with the latest security patches. Cyber criminals exploit these vulnerabilities to convert them into botnet nodes and then use them to launch large-scale cyber attacks.”
He warned that when attack traffic appears to originate from ordinary household internet connections, identifying the real perpetrators becomes extremely difficult. This, he said, makes such botnets particularly challenging for traditional cyber security systems to detect and block.
Cyber security specialists have advised users to regularly update the firmware of routers and IoT devices, replace default passwords immediately after installation and strengthen network security settings. These basic precautions, experts say, can significantly reduce the risk of devices being silently hijacked and used in global cyber attack campaigns.
About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
