Massive DDoS Attack Reaches Record-Breaking 29.7 Tbps AISURU Botnet Suspected

Cloudflare announced Wednesday that they successfully blocked the biggest distributed denial-of-service (DDoS) attack ever recorded, clocking in at a staggering 29.7 terabits per second (Tbps).

So, where did this monster attack come from? Cloudflare says it originated from a DDoS botnet-for-hire called AISURU. This botnet has been linked to quite a few hyper-volumetric DDoS attacks over the past year. The attack itself lasted just over a minute, 69 seconds to be exact. Cloudflare is keeping the target under wraps for now.

Apparently, AISURU likes to go after telecommunication providers, gaming companies, hosting providers, and financial services. Cloudflare also fended off a 14.1 Bpps DDoS attack from the same source. Experts believe AISURU is fueled by a huge network of somewhere between 1 and 4 million compromised devices worldwide.

"This 29.7 Tbps attack was a UDP carpet-bombing attack, hitting an average of 15,000 different ports every second," said Omer Yoachimik and Jorge Pacheco from Cloudflare. "The distributed attack also randomized different parts of the packets, making it harder to defend against."

Since the beginning of the year, Cloudflare has blocked 2,867 attacks linked to Aisuru. A whopping 1,304 of those hyper-volumetric attacks happened in just the third quarter of 2025. In total, they blocked 8.3 million DDoS attacks during that period – a 15% jump from the previous quarter and a 40% increase compared to last year.

Zooming out, 2025 saw 36.2 million DDoS attacks stopped in their tracks. Out of those, 1,304 were network-layer attacks exceeding 1 Tbps – that's up from 717 in Q1 and 846 in Q2. Here are some other interesting trends they've noticed recently:

• The number of DDoS attacks exceeding 100 million packets per second (Mpps) nearly tripled.
• Most attacks (71% of HTTP DDoS and 89% of network layer) were over in under 10 minutes.
• Asia was a hotbed for DDoS sources, with seven of the top ten locations including Indonesia, Thailand, Bangladesh, Vietnam, India, Hong Kong, and Singapore.
• The mining industry saw a big surge in DDoS attacks.
• The automotive industry experienced the largest increase in DDoS attacks overall.
• AI companies saw a massive spike in DDoS attack traffic, up 347% in September.
• IT, telecommunications, gambling, gaming, and internet services remain the most popular targets.
• China, Turkey, Germany, Brazil, the U.S., Russia, Vietnam, Canada, South Korea, and the Philippines were the most frequently attacked countries.
• Nearly 70% of HTTP DDoS attacks came from known botnets.

"We're now in a world where DDoS attacks are growing faster and becoming more complex than ever before," Cloudflare warned. "Many organizations are struggling to keep up with this constantly evolving threat."