Key Findings

• Cloudflare mitigated the largest ever distributed denial-of-service (DDoS) attack, measuring 29.7 terabits per second (Tbps)

• The attack originated from the AISURU DDoS botnet-for-hire, which has been linked to numerous high-volume DDoS attacks over the past year

• The 69-second attack did not disclose the target, but AISURU has targeted telecommunication providers, gaming companies, hosting providers, and financial services

• AISURU is believed to be powered by a massive network of 1-4 million infected hosts worldwide

• The attack used a UDP "carpet-bombing" technique, randomizing packet attributes to evade defenses

• Cloudflare has mitigated 2,867 AISURU attacks since the start of 2025, with 1,304 occurring in Q3 2025 alone

• DDoS attack severity jumped sharply in Q3 2025, with a 189% increase in attacks over 100 million packets per second (Mpps) and a 227% surge in attacks exceeding 1 Tbps

• Most attacks, 71% of HTTP DDoS and 89% of network layer, lasted less than 10 minutes, but still caused major outages with long recovery times

• The top DDoS attack sources were located in Asia, including Indonesia, Thailand, Bangladesh, Vietnam, India, Hong Kong, and Singapore

Background

Cloudflare, a leading web infrastructure and security company, has been at the forefront of mitigating some of the largest and most sophisticated distributed denial-of-service (DDoS) attacks in recent history. In its Q3 2025 DDoS Threat Report, Cloudflare revealed that it detected and successfully mitigated the largest ever DDoS attack, measuring a staggering 29.7 Tbps.

AISURU Botnet Responsible for Record-Breaking Attack

The record-breaking 29.7 Tbps DDoS attack originated from the AISURU botnet, a DDoS botnet-for-hire that has been linked to a number of high-volume DDoS attacks over the past year. The 69-second attack did not disclose the target, but AISURU is known to have targeted telecommunication providers, gaming companies, hosting providers, and financial services.

Massive Botnet with 1-4 Million Infected Hosts

AISURU is believed to be powered by a massive network comprising an estimated 1-4 million infected hosts worldwide. The attack used a UDP "carpet-bombing" technique, randomizing various packet attributes in an attempt to evade defenses.

Cloudflare's Mitigation Efforts

Cloudflare has mitigated 2,867 AISURU attacks since the start of 2025, with 1,304 of those occurring in the third quarter of 2025 alone. In total, Cloudflare blocked 8.3 million DDoS attacks during this period, a 15% increase from the previous quarter and a 40% jump from the year prior.

Increasing DDoS Attack Severity

The Q3 2025 period saw a sharp jump in DDoS attack severity, with a 189% increase in attacks exceeding 100 Mpps and a 227% surge in attacks above 1 Tbps. Most attacks, 71% of HTTP DDoS and 89% of network layer, lasted less than 10 minutes, but still caused major outages with long recovery times.

Geographical Distribution of Attacks

The top DDoS attack sources were located in Asia, including Indonesia, Thailand, Bangladesh, Vietnam, India, Hong Kong, and Singapore. The other three top sources were Ecuador, Russia, and Ukraine.

Sources

• https://thehackernews.com/2025/12/record-297-tbps-ddos-attack-linked-to.html

• https://securityaffairs.com/185299/security/cloudflare-mitigates-record-29-7-tbps-ddos-attack-by-the-aisuru-botnet.html

• https://www.facebook.com/groups/2600net/posts/4393559357533822/

• https://itnerd.blog/2025/12/03/aisuru-the-apex-of-botnets-29-7-tbps-ddos-attack-highlighted-by-cloudflare/

• https://www.bleepingcomputer.com/news/security/aisuru-botnet-behind-new-record-breaking-297-tbps-ddos-attack/