Core Points - The information systems at Berlin Brandenburg Airport remain disrupted over a week after a cyberattack on an external service provider, leading to ongoing delays and flight cancellations for travelers [1][2] - The cyberattack targeted Collins Aerospace's electronic systems, affecting passenger check-in and baggage handling processes across multiple European airports [2] Group 1: Impact on Berlin Brandenburg Airport - As of September 28, 8 incoming flights and 6 outgoing flights have been canceled, with around 600 flights originally planned for the day, affecting approximately 88,000 passengers [1] - The airport is still in a "special situation," and there is no clear timeline for when the systems will be fully restored, with repair work expected to take several more days [1] Group 2: Broader European Airport Impact - The cyberattack has also affected other major European airports, including Brussels, Dublin, and London Heathrow, causing varying degrees of operational disruption [2] - The attack was confirmed by the EU Agency for Cybersecurity to be a ransomware incident, where hackers encrypted data and systems to demand a ransom [2] - A suspect was arrested in the UK in connection with the attack but was later released under certain conditions [2]

新华财经北京9月25日电德国首都柏林机场运营方24日说，由于值机和登机系统的外部服务商遭到网络 攻击，今后几天，柏林机场航班延误或取消的情况将持续，恢复正常运营的具体时间仍有待确定。 据路透社报道，19日以来，为多家航空公司在多国机场提供值机和登机服务的柯林斯航空航天公司遭到 网络攻击，多座欧洲机场的旅客值机和登机受到严重干扰。柏林机场也是受到本次网络攻击影响的机场 之一。 （文章来源：新华社） 德新社援引欧盟网络和信息安全局说法报道，此次网络攻击涉及勒索软件，该恶意软件对数据和系统进 行加密，破坏了机场自动值机系统，借此索要赎金。目前已确认勒索软件类型，调查仍在继续。 柏林21日刚举办第51届柏林马拉松，全球超5.5万名跑者参加，受此次机场运营问题影响，目前不少跑 者仍滞留柏林。（黄爱萍） 柏林机场发言人说，系统恢复正常运转仍需数日。机场建议旅客在出发前向航空公司确认航班状态。 柏林机场24日在声明中说，目前，机场员工已在手动处理部分业务，并使用了外部技术支持。23日早晨 起，机场员工已可将托运行李分配至特定航班，而此前只能将行李运往相应航空公司。虽然处理效率略 有提升，但大量行李仍占用较多人力和空间。 ...

Investment Rating - The report does not explicitly state an investment rating for the industry or specific companies. Core Insights - The report highlights the increasing significance of botnets as tools for geopolitical conflict, particularly in the context of recent global events such as the Russia-Ukraine war and the Israel-Palestine conflict, where botnets have been used for DDoS attacks against critical infrastructure [14][18]. - The report indicates that the threat landscape posed by botnets is escalating, with a notable increase in the number of command and control (C&C) servers and attack activities, particularly targeting domestic critical infrastructure [14][15]. - Botnets are increasingly being utilized as a launchpad for advanced persistent threats (APTs) and ransomware groups, enhancing their operational efficiency by gathering intelligence and facilitating subsequent attacks [15][43]. Summary by Sections Executive Summary - In 2024, the global landscape is marked by turmoil and challenges, with the cyber domain becoming a battleground for major powers, where botnets play a crucial role in state-sponsored cyber operations [14]. - Botnets have been observed to execute high-intensity DDoS attacks against critical infrastructure, manipulate public opinion, and express political stances during significant geopolitical events [14][15]. Botnet Development Trends - Botnets have evolved into essential tools for state-level cyber warfare, with their operational capabilities being leveraged for both offensive and defensive strategies in the digital realm [18]. - The report notes that the Mirai botnet family remains the most active, with the Mozi malware continuing to spread at high levels, primarily exploiting vulnerabilities in Linux/IoT platforms [14][15]. Botnet Vulnerability and Propagation - The report identifies that Linux/IoT botnets primarily exploit outdated vulnerabilities and weak passwords for propagation, while Windows platforms are more susceptible to phishing and social engineering tactics [59][67]. - The geographical distribution of infected devices shows that the United States has the highest number of infected endpoints, followed by India, Russia, and Brazil [70][71]. Botnet Attack Activity Analysis - The Mirai botnet family is responsible for the majority of attack commands issued, with a significant spike in activity noted in September 2024 [80]. - China is reported to be the most targeted country for DDoS attacks, accounting for 34% of all recorded incidents, necessitating enhanced protection for critical infrastructure [80].