Article Details

Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts. Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps). The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AISURU, which has been linked to a number of hyper-volumetric DDoS attacks over the past year. The attack lasted for 69 seconds. It did not disclose the target of the attack. The botnet has prominently targeted telecommunication providers, gaming companies, hosting providers, and financial services. Also tackled by Cloudflare was a 14.1 Bpps DDoS attack from the same botnet. AISURU is believed to be powered by a massive network comprising an estimated 1-4 million infected hosts worldwide. "The 29.7 Tbps was a UDP carpet-bombing attack bombarding an average of 15,000 destination ports per second," Omer Yoachimik and Jorge Pacheco said. "The distributed attack randomized various packet attributes in an attempt to evade defenses." In all, Cloudflare has mitigated 2,867 Aisuru attacks since the start of the year, out of which 1,304 hyper-volumetric attacks were launched from the botnet in the third quarter of 2025 alone. A total of 8.3 million DDoS attacks were blocked during the entire time period, a figure that represents a 15% increase from the previous quarter and a 40% jump from last year. As many as 36.2 million DDoS attacks were thwarted in 2025, of which 1,304 were network-layer attacks exceeding 1 Tbps, up from 717 in Q1 2025 and 846 in Q2 2025. Some of the other notable trends observed in Q3 2025 are listed below - "We've entered an era where DDoS attacks have rapidly grown in sophistication and size — beyond anything we could've imagined a few years ago," Cloudflare said. "Many organizations have faced challenges in keeping pace with this evolving threat landscape."