In a stunning display of cyber aggression, the Aisuru botnet has shattered previous records by launching a colossal Distributed Denial-of-Service (DDoS) attack, peaking at an unprecedented 29.7 terabits per second (Tbps). Cloudflare, a leading web infrastructure and security company, successfully detected and mitigated this massive assault, which lasted a mere 69 seconds. This event marks a significant escalation in the scale and sophistication of cyber threats, highlighting the growing power of botnets-for-hire.

Key Takeaways

• Record-Breaking Attack: The Aisuru botnet launched a 29.7 Tbps DDoS attack, the largest ever recorded.

• Massive Botnet: Aisuru is estimated to comprise between 1 and 4 million infected hosts worldwide.

• Sophisticated Tactics: The attack utilized UDP carpet-bombing with randomized packet attributes to evade defenses.

• Widespread Impact: Such attacks can cause collateral damage, disrupting internet infrastructure beyond the intended targets.

• Botnet-for-Hire: Aisuru is available as a service, lowering the barrier for malicious actors.

The Scale of the Attack

The 29.7 Tbps UDP flood, described as a "carpet-bombing" attack, bombarded an average of 15,000 destination ports per second. This technique, combined with randomized packet attributes, was designed to overwhelm and bypass conventional security measures. Cloudflare's global network absorbed the full brunt of this traffic, preventing significant disruption to the targeted customer.

Aisuru Botnet: A Growing Threat

Cloudflare attributes the attack to the Aisuru botnet, a formidable network believed to be powered by an estimated 1 to 4 million infected hosts globally. This botnet has been linked to numerous hyper-volumetric DDoS attacks over the past year, frequently targeting telecommunication providers, gaming companies, hosting providers, and financial services. The botnet is also reportedly being sold as a "botnet-for-hire" service, allowing less sophisticated actors to rent its destructive power.

Broader DDoS Landscape and Trends

This record-breaking attack occurred within a broader context of escalating DDoS activity. In the third quarter of 2025 alone, Cloudflare mitigated 8.3 million DDoS attacks, a 15% increase from the previous quarter and a 40% jump from the previous year. The report also highlighted several other notable trends:

• Hyper-Volumetric Attacks: Attacks exceeding 1 Tbps more than doubled quarter-over-quarter.

• Attack Duration: Most attacks, including 71% of HTTP DDoS and 89% of network-layer attacks, lasted less than 10 minutes, leaving little time for manual response.

• Geographic Sources: Seven of the top ten sources of DDoS attacks were located in Asia, with Indonesia consistently being the leading origin.

• Targeted Sectors: While information technology, telecommunications, and gaming remained top targets, the automotive and mining industries saw significant increases in attacks.

• AI and Geopolitics: DDoS attacks against AI companies spiked by 347% in September 2025, coinciding with increased regulatory scrutiny. Geopolitical tensions also appeared to influence attack patterns.

Implications and Defense Strategies

The sheer scale of the Aisuru attack underscores the increasing fragility of global internet infrastructure. Attacks of this magnitude can saturate backbone links, potentially disrupting critical services. Cloudflare emphasizes that legacy security solutions are struggling to keep pace, urging organizations to adopt automated, always-on defenses capable of handling terabit-scale threats. Proactive measures, including hardening network infrastructure and implementing robust, globally distributed mitigation solutions, are crucial for defending against these evolving cyber threats.

Sources

• Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts, The Hacker News.

• 29.7 Tbps DDoS Attack by Aisuru Botnet Becomes the Largest Ever Recorded, GBHackers News.

• Aisuru botnet shatters DDoS record with new 29.7 Tbps attack, CyberInsider.

• Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack, BleepingComputer.

• Cloudflare Mitigates Historic World Record 29.7 Tbps DDoS Attack!, LinkedIn.