Aisuru Botnet Sets New Record with 29.7 Tbps DDoS Attack
- Dec 4, 2025
- 2 min read
Key Findings
Cloudflare mitigated the largest ever distributed denial-of-service (DDoS) attack, measuring 29.7 terabits per second (Tbps)
The attack originated from the AISURU DDoS botnet-for-hire, which has been linked to numerous high-volume DDoS attacks over the past year
The 69-second attack did not disclose the target, but AISURU has targeted telecommunication providers, gaming companies, hosting providers, and financial services
AISURU is believed to be powered by a massive network of 1-4 million infected hosts worldwide
The attack used a UDP "carpet-bombing" technique, randomizing packet attributes to evade defenses
Cloudflare has mitigated 2,867 AISURU attacks since the start of 2025, with 1,304 occurring in Q3 2025 alone
DDoS attack severity jumped sharply in Q3 2025, with a 189% increase in attacks over 100 million packets per second (Mpps) and a 227% surge in attacks exceeding 1 Tbps
Most attacks, 71% of HTTP DDoS and 89% of network layer, lasted less than 10 minutes, but still caused major outages with long recovery times
The top DDoS attack sources were located in Asia, including Indonesia, Thailand, Bangladesh, Vietnam, India, Hong Kong, and Singapore
Background
Cloudflare, a leading web infrastructure and security company, has been at the forefront of mitigating some of the largest and most sophisticated distributed denial-of-service (DDoS) attacks in recent history. In its Q3 2025 DDoS Threat Report, Cloudflare revealed that it detected and successfully mitigated the largest ever DDoS attack, measuring a staggering 29.7 Tbps.
AISURU Botnet Responsible for Record-Breaking Attack
The record-breaking 29.7 Tbps DDoS attack originated from the AISURU botnet, a DDoS botnet-for-hire that has been linked to a number of high-volume DDoS attacks over the past year. The 69-second attack did not disclose the target, but AISURU is known to have targeted telecommunication providers, gaming companies, hosting providers, and financial services.
Massive Botnet with 1-4 Million Infected Hosts
AISURU is believed to be powered by a massive network comprising an estimated 1-4 million infected hosts worldwide. The attack used a UDP "carpet-bombing" technique, randomizing various packet attributes in an attempt to evade defenses.
Cloudflare's Mitigation Efforts
Cloudflare has mitigated 2,867 AISURU attacks since the start of 2025, with 1,304 of those occurring in the third quarter of 2025 alone. In total, Cloudflare blocked 8.3 million DDoS attacks during this period, a 15% increase from the previous quarter and a 40% jump from the year prior.
Increasing DDoS Attack Severity
The Q3 2025 period saw a sharp jump in DDoS attack severity, with a 189% increase in attacks exceeding 100 Mpps and a 227% surge in attacks above 1 Tbps. Most attacks, 71% of HTTP DDoS and 89% of network layer, lasted less than 10 minutes, but still caused major outages with long recovery times.
Geographical Distribution of Attacks
The top DDoS attack sources were located in Asia, including Indonesia, Thailand, Bangladesh, Vietnam, India, Hong Kong, and Singapore. The other three top sources were Ecuador, Russia, and Ukraine.
Sources
https://thehackernews.com/2025/12/record-297-tbps-ddos-attack-linked-to.html
https://securityaffairs.com/185299/security/cloudflare-mitigates-record-29-7-tbps-ddos-attack-by-the-aisuru-botnet.html
https://www.facebook.com/groups/2600net/posts/4393559357533822/
https://itnerd.blog/2025/12/03/aisuru-the-apex-of-botnets-29-7-tbps-ddos-attack-highlighted-by-cloudflare/
https://www.bleepingcomputer.com/news/security/aisuru-botnet-behind-new-record-breaking-297-tbps-ddos-attack/


Comments