top of page
Search

Aisuru/Kimwolf Botnet Sets New Global DDoS Record With 31.4 Tbps

  • Feb 5
  • 2 min read

Key Findings


  • The Aisuru/Kimwolf botnet launched a record-setting DDoS attack that peaked at 31.4 Tbps and 200 million requests per second.

  • The attack was part of a broader campaign targeting multiple organizations, primarily in the telecommunications and IT sectors.

  • Cloudflare automatically detected and mitigated the attack, which they dubbed "The Night Before Christmas" due to its timing in late December 2025.

  • The Aisuru/Kimwolf botnet is a large-scale network of malware-infected devices, estimated to have between 1-4 million compromised hosts.

  • DDoS attacks surged by 121% in 2025, with Cloudflare mitigating an average of 5,376 attacks per hour.


Background


The Aisuru/Kimwolf botnet has been linked to a series of record-breaking DDoS attacks in recent years, showcasing its immense scale and firepower. The latest assault, which unfolded in late December 2025, stands out as the largest publicly disclosed DDoS event to date.


Attack Details


  • The attack combined hyper-volumetric HTTP floods with network-layer assaults, overwhelming targets in short but extremely intense bursts.

  • More than half of the individual attacks lasted between one and two minutes, with many peaking between 1-5 Tbps.

  • The 31.4 Tbps peak surpassed Aisuru's own previous record of 29.7 Tbps, as well as a separate 15.72 Tbps attack attributed to the botnet.


Targeted Sectors and Geographies


  • Telecommunications providers were the most heavily targeted, followed by IT firms, gambling platforms, and gaming companies.

  • The largest volumes of attack traffic originated from Bangladesh, Ecuador, and Indonesia, while China, Hong Kong, Germany, Brazil, and the U.S. were among the most frequently targeted countries.


Broader Trends


  • DDoS attacks surged by 121% in 2025, with Cloudflare mitigating an average of 5,376 attacks per hour.

  • Network-layer DDoS attacks accounted for 78% of the total in Q4 2025, a 31% increase from the previous quarter and a 58% rise year over year.

  • Hyper-volumetric attacks increased by 40% in Q4 2025 compared to the previous quarter, with a 700% growth in the size of these attacks compared to late 2024.


Aisuru/Kimwolf Botnet Infrastructure


  • The botnet has ensnared more than 2 million Android devices, many of them compromised off-brand Android TVs, often by tunneling through residential proxy networks.

  • The operators have been found to run a network of residential proxy businesses that secretly turn users' devices into attack nodes without their knowledge or consent.


Conclusion


The Aisuru/Kimwolf botnet's record-setting 31.4 Tbps DDoS attack highlights the growing sophistication and scale of modern cybercrime networks. As the number and size of DDoS attacks continue to surge, organizations will need to reevaluate their defense strategies to keep pace with this evolving threat landscape.


Sources


  • https://thehackernews.com/2026/02/aisurukimwolf-botnet-launches-record.html

  • https://www.techworm.net/2026/02/aisuru-botnet-global-ddos-record-31-4-tbps.html

  • https://hackmag.com/news/aisuru-31-4-tbps

  • https://www.facebook.com/tomshardware/posts/aisuru-kimwolf-botnet-smashes-ddos-traffic-record-at-314-tbs/1304061575091591/

Recent Posts

See All
Defeating AI with AI

Key Findings Generative AI and agentic AI are increasingly used by threat actors to conduct faster and more targeted attacks. One capability that AI improves for threat actors is the ability to profil

 
 
 

Comments

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page