Unprecedented 7.3 Tbps DDoS Assault Shakes Global Infrastructure
- John Jordan
- Jul 16
- 2 min read
An unnamed hosting provider faced a hyper-volumetric distributed denial-of-service (DDoS) attack in mid-May 2025 that peaked at an unprecedented 7.3 terabits per second over a 45-second span. Delivered by a vast botnet spanning more than 122,000 source IPs across 161 countries, the assault underscored the urgent need for automated, large-scale defense systems.

Key Takeaways
Peak attack volume: 7.3 Tbps and 4.8 billion packets per second (Bpps)
Duration: 45 seconds, delivering 37.4 TB of data
Origin: 122,145 IPs across 5,433 autonomous systems in 161 countries
Multi-vector composition: 99.996% UDP floods, 0.004% mixed reflection and amplification
Mitigation: Cloudflare’s Magic Transit blocked the attack automatically
Attack Overview
The record-breaking incident targeted a hosting provider protected by Cloudflare’s Magic Transit service. In just three quarters of a minute, the attackers unleashed enough traffic to stream over 9,350 HD movies simultaneously. Key characteristics:
Multi-vector flood: UDP floods dominated, complemented by QOTD, Echo, NTP reflections, Mirai UDP floods, portmap and RIPv1 amplification.
Global footprint: Top source countries included Brazil, Vietnam, Taiwan, China, and Indonesia.
Automated defense: Cloudflare’s network of 477 data centers in 293 locations absorbed and nullified the traffic.
Scale and Composition
Cloudflare’s Q2 2025 data paints a stark picture of DDoS escalation:
6,500+ hyper-volumetric attacks (≥1 Tbps or ≥1 Bpps) blocked—an average of 71 per day.
592% quarter-over-quarter surge in attacks exceeding 100 million packets per second.
1,150% increase in L3/4 attacks over 1 Tbps compared to Q1.
Total blocked hits reached 27.8 million by mid-2025, surpassing all of 2024.
Attack vectors in Q2 2025:
Vector Type | Share (%) |
---|---|
DNS Floods | 33 |
SYN Floods | 27 |
UDP Floods | 13 |
Application-Layer | Increased 74% |
Targeted Sectors and Geography
The telecommunications sector emerged as the prime target, reflecting its strategic value:
Top industries: Telecommunications; Internet; IT & Services; Gaming; Banking & Financial Services.
Most attacked countries: China, Brazil, Germany, India, South Korea.
Major attack sources: Indonesia, Singapore, Hong Kong, Argentina, Ukraine.
Botnet Evolution
Botnets have grown exponentially in size and sophistication:
Largest observed botnet: 4.6 million devices—20× larger than 2024’s record.
Geographical spread: Brazil (29.7%), US (12.1%), Vietnam (7.9%), India (2.9%), Argentina (2.8%).
DemonBot variant: Exploits weak SSH credentials and open IoT ports to launch multi-vector floods.
Mitigation and Future Outlook
The successful defense against the 7.3 Tbps attack demonstrates that only always-on, AI-driven mitigation platforms can withstand next-generation threats. Organizations should:
Adopt cloud-based DDoS protection with automated scrubbing.
Secure IoT devices with strong credentials and regular firmware updates.
Monitor for emerging botnet variants and ransom DDoS trends.
As cybercriminals harness AI and proliferate botnets, the cybersecurity community must shift from reactive measures to proactive, scalable defenses to safeguard critical infrastructure. As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.
Sources
Hackers Breaking Internet with 7.3 Tbps and 4.8 Billion Packets Per Second DDoS Attack, CyberSecurityNews.
Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors, The Hacker News.