Record DDoS Attack: Cloudflare Mitigates Massive 29.7 Tbps Assault from AISURU Botnet
The scale of DDoS attacks continues to surge at a breathtaking pace, and effective protection is increasingly defined not only by raw bandwidth, but by an infrastructure’s ability to withstand brief yet extreme traffic spikes. A new incident disclosed by Cloudflare illustrates just how far botnet operators have advanced in recent years.
According to Cloudflare, on Wednesday its infrastructure mitigated the largest DDoS attack ever recorded—an assault that peaked at 29.7 Tbps. The traffic originated from the commercial botnet AISURU, which has been linked to a string of ultra-high-volume attacks over the past year. The company noted that the barrage lasted 69 seconds, while the intended target remains undisclosed. Cloudflare also intercepted another attack from the same botnet, reaching 14.1 billion packets per second.
The assault took the form of a UDP flood executed as a “carpet-bombing” campaign, striking an average of 15,000 ports per second simultaneously. Cloudflare representatives report that the attackers continuously altered packet fields in an effort to circumvent filtering mechanisms. Specialists estimate that AISURU relies on a globally distributed network of roughly 1 to 4 million compromised devices, and has been relentlessly targeting telecommunications providers, gaming companies, hosting platforms, and financial institutions.
Since the beginning of 2025, Cloudflare has recorded 2,867 attacks attributed to AISURU. In the third quarter alone, the botnet accounted for 1,304 ultra-high-capacity incidents. Across the reporting period, 8.3 million DDoS attacks were blocked—15% more than in the previous quarter and 40% more than a year earlier. In total, Cloudflare’s infrastructure mitigated 36.2 million attacks in 2025.
A sharp rise is especially evident in the most severe cases: the number of network-layer attacks exceeding 1 Tbps climbed from 717 in Q1 2025 to 846 in Q2 and to 1,304 in Q3. Incidents surpassing 100 million packets per second increased quarter-over-quarter by 189%. Most attacks, however, remained short-lived—less than ten minutes for 71% of HTTP campaigns and 89% of network-layer assaults.
The geography of both attack sources and victims is also shifting. Seven of the ten leading origins of DDoS traffic were located in Asia—Indonesia, Thailand, Bangladesh, Vietnam, India, Hong Kong, and Singapore. Ecuador, Russia, and Ukraine rounded out the top ten. The most frequently targeted victims were companies in information technology, telecommunications, gambling, gaming, and online services.
Cloudflare also highlights a notable rise in attacks on the mining and metallurgical industries, along with a sharp spike in assaults against the automotive sector, which has climbed to sixth place among the most targeted fields. DDoS traffic directed at companies working with artificial intelligence surged by 347% in September 2025.
Nearly 70% of HTTP-based distributed denial-of-service attacks originated from already-known botnets. Cloudflare concludes that the world has entered an era in which DDoS campaigns are simultaneously becoming more tactically sophisticated and exponentially more powerful—leaving many organizations struggling to keep pace with the evolution of the threat.