A security investigation has revealed that Huge Networks, a Brazilian DDoS protection firm, may be facilitating a massive botnet targeting local ISPs. Evidence surfaced from an exposed online directory containing malicious Python scripts and the private SSH keys of the company's CEO. The botnet primarily exploits a command injection vulnerability (CVE-2023-1389) in TP-Link Archer AX21 routers to conduct DNS reflection and amplification attacks strictly within Brazilian IP ranges.
Huge Networks CEO Erick Nascimento denies intentional involvement, attributing the malicious activity to a security breach of development servers occurring in early 2026. While the CEO claims the incident was orchestrated by a competitor to tarnish the firm's reputation, historical patterns and testimonials from former clients have raised concerns about the company's role in the regional digital sieges. A third-party network forensics firm has been engaged to investigate the extent of the internal compromise.