Microsoft Blocks Massive 15.72 Tbps DDoS Attack from AISURU Botnet

  • Nov 18, 2025

Key Findings


  • Microsoft disclosed that it automatically detected and mitigated a 15.72 Tbps DDoS attack, the largest ever observed in the cloud, targeting a single endpoint in Australia.

  • The attack originated from the AISURU botnet, a Mirai-class IoT botnet powered by nearly 300,000 infected devices, mainly routers, security cameras, and DVR systems.

  • The attack involved massive UDP floods from over 500,000 source IPs across various regions, with minimal spoofing and random source ports, simplifying traceback and enforcement.

  • Botnets like AISURU enable multifunctional capabilities beyond just DDoS, including credential stuffing, AI-driven web scraping, spamming, and phishing.


Background


The AISURU botnet is a TurboMirai-class IoT botnet that has been attributed to some of the largest DDoS attacks on record. According to data from QiAnXin XLab, the botnet is powered by nearly 300,000 infected devices, predominantly routers, security cameras, and DVR systems.


The Massive 15.72 Tbps DDoS Attack


On October 24, 2025, Microsoft's Azure DDoS Protection system automatically detected and mitigated a massive multi-vector DDoS attack targeting a single endpoint in Australia. The attack peaked at 15.72 Tbps and nearly 3.64 billion packets per second (pps), making it the largest DDoS attack ever observed in the cloud.


The attack originated from the AISURU botnet, using massive UDP floods from over 500,000 source IPs across various regions. The traffic had minimal spoofing and utilized random source ports, which simplified traceback and facilitated provider enforcement.
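The traffic profile described above (many sources sending UDP to one endpoint, random source ports, little spoofing) can be measured from flow records. The following is an added example, not code from Microsoft or the original article; the record layout, the function name `summarize_udp_floods`, the thresholds and the sample flows are all assumptions constructed for illustration.

```python
import ipaddress
import math
from collections import Counter, defaultdict

# Constructed flow records (documentation address ranges, not real incident data):
# (src_ip, src_port, dst_ip, dst_port, proto, packets)
FLOWS = [
    ("192.0.2.11", 40001, "203.0.113.10", 443, "udp", 9000),
    ("192.0.2.12", 51844, "203.0.113.10", 443, "udp", 8500),
    ("192.0.2.13", 33190, "203.0.113.10", 443, "udp", 9100),
    ("198.51.100.7", 60233, "203.0.113.10", 443, "udp", 8800),
    ("198.51.100.8", 28417, "203.0.113.10", 443, "udp", 9200),
    ("198.51.100.9", 53124, "203.0.113.20", 53, "udp", 2),    # ordinary DNS lookup
    ("192.0.2.50", 44321, "203.0.113.10", 443, "tcp", 12),    # not UDP, ignored
]

def summarize_udp_floods(flows, min_sources=4, prefix_len=24):
    """Report destinations hit by UDP from many sources (thresholds are assumptions)."""
    per_dst = defaultdict(list)
    for src, sport, dst, _dport, proto, pkts in flows:
        if proto == "udp":
            per_dst[dst].append((src, sport, pkts))
    reports = {}
    for dst, recs in per_dst.items():
        sources = {src for src, _, _ in recs}
        if len(sources) < min_sources:
            continue
        # Shannon entropy of source ports, normalised to 0..1; near 1 = random ports.
        ports = Counter(sport for _, sport, _ in recs)
        total = sum(ports.values())
        entropy = -sum(c / total * math.log2(c / total) for c in ports.values())
        norm = entropy / math.log2(total) if total > 1 else 0.0
        # With little spoofing, source addresses are real, so grouping them by
        # prefix gives a per-network list that can go to the owning provider.
        by_prefix = Counter(
            str(ipaddress.ip_network(f"{src}/{prefix_len}", strict=False))
            for src in sources
        )
        reports[dst] = {
            "sources": len(sources),
            "packets": sum(p for _, _, p in recs),
            "port_entropy": norm,
            "by_prefix": by_prefix.most_common(),
        }
    return reports

if __name__ == "__main__":
    for dst, r in summarize_udp_floods(FLOWS).items():
        print(dst, r)
```

The per-prefix grouping is only meaningful because the sources are not spoofed; with forged source addresses the same list would point at uninvolved networks.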


Aisuru's Multifunctional Capabilities


In addition to powerful DDoS attacks exceeding 20 Tbps, the AISURU botnet also enables other illicit activities, such as credential stuffing, AI-driven web scraping, spamming, and phishing. The botnet incorporates a residential proxy service, allowing it to reflect HTTPS DDoS attacks.


The Evolving Threat Landscape


Microsoft noted that the growing size of DDoS attacks is a result of the scaling of the internet itself, with faster fiber-to-the-home speeds and increasingly powerful IoT devices continuously raising the baseline for attack size.


Sources


  • https://thehackernews.com/2025/11/microsoft-mitigates-record-572-tbps.html

  • https://securityaffairs.com/184749/cyber-crime/microsoft-mitigated-the-largest-cloud-ddos-ever-recorded-15-7-tbps.html

  • https://hackread.com/microsoft-azure-blocks-tbps-ddos-attack-botnet/

© 2025 by Explain IT Again. Powered and secured by Wix
