Menu
Browse

Cyber Threat Actor: Mēris

Actor Type Location Known Incidents
 Icon
Crime Syndicate
Russia
1 incident
Profile

Mēris is a threat actor publicly associated with large-scale distributed denial-of-service (DDoS) attacks, operating under this singular known alias. Public reporting links the actor to Russia, though no explicit organizational affiliations or state-sponsored nexus are detailed in available sources. The entity demonstrates a consistent focus on maximizing attack scale through geographically distributed infrastructure, primarily leveraging compromised proxy servers to amplify malicious traffic. Its operations exhibit technical familiarity with exploiting misconfigured or vulnerable intermediary devices to generate high-volume HTTPS request floods, avoiding reliance on traditional botnets composed of consumer IoT devices.

One representative operation attributed to Mēris occurred in June 2022 against a Google Cloud Armor customer, constituting the largest reported Layer 7 DDoS attack at its time, peaking at 46 million requests per second. The attack originated from 5,256 distinct IP addresses spanning 132 countries, reflecting the actor’s ability to coordinate widely dispersed resources. Attack traffic mirrored previously observed Mēris methodologies, specifically the exploitation of vulnerable proxies to generate HTTPS-based requests intended to overwhelm target infrastructure. Defensive measures implemented by Google Cloud Armor detected anomalous traffic patterns during the attack’s early stages, automatically generating a protective signature that enabled the customer to deploy targeted throttling rules before peak intensity. This mitigation successfully contained malicious traffic at Google’s network edge, preserving service availability and forcing the attacker to abandon the campaign after 69 minutes when the attack became operationally unsustainable. The incident underscores Mēris’s persistent focus on disruption through volumetric attacks while highlighting defensive countermeasures capable of neutralizing even extreme-scale threats through rapid anomaly detection and automated response mechanisms.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources