- Aisuru botnet, with up to 4M IoT devices, launched a record 29.7 Tbps DDoS attack
- Cloudflare mitigated 1,304 hyper‑volumetric attacks in Q3; targets included telecom, gaming, hosting, and finance
- Recent victims include Gcore (6 Tbps flood) and Microsoft (largest cloud DDoS at 15.72 Tbps)
The Aisuru botnet, a network of compromised and malicious Internet of Things (IoT) devices, has mounted a record-breaking Distributed Denial of Service (DDoS) attack for the third time in as many months.
Earlier this week, Cloudflare released its 2025 Q3 DDoS threat report, detailing an attack by “the apex of botnets”. In the report, the CDN giant said Aisuru counts anywhere between one and four million infected devices, and that it mounted a DDoS attack that peaked at 29.7 terabits per second (Tbps) and 14.1 billion packets per second (Bpps).
Cloudflare described it as a “UDP carpet-bombing attack bombarding an average of 15K destination ports per second”.
Thousands of Aisuru attacks
The distributed attack randomized various packet attributes, attempting to work around the defenses, but Cloudflare’s mitigation systems managed to prevent the attack autonomously, the report reads.
The botnet was extremely active, too, averaging 14 hyper-volumetric attacks daily, many of which “routinely exceeded” 1 Tbps and 1 Bpps.
Furthermore, there were 54% more attacks in the third quarter of the year, compared to the second one.
It targeted organizations in different verticals, Cloudflare also stated, including telecommunications providers, gaming companies, hosting providers, and financial services. The botnet was also used to target US internet infrastructure and since it’s offered as a service, virtually anyone can easily disrupt critical infrastructure, healthcare services, emergency services, or even the US military.
“Since the start of 2025, Cloudflare has already mitigated 2,867 Aisuru attacks,” the report claims. “In the third quarter alone, Cloudflare mitigated 1,304 hyper-volumetric attacks launched by Aisuru.”
In mid-October this year, gaming company Gcore was hit with a “short-burst volumetric flood” lasting between 30 and 45 seconds and peaking at 6Tbps with 5.3 billion packets per second, an attack that was later attributed to Aisuru. A month later, Microsoft announced successfully mitigating “the largest DDoS attack ever observed in the cloud”, which was also attributed to the same botnet.
The attack used more than 500,000 source IPs, across various regions, delivering a multi-vector Distributed Denial of Service (DDoS) attack measuring 15.72 Tbps and nearly 3.64 billion packets per second (pps).
Via BleepingComputer
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.