Massive 15.72 Tbps DDoS Attack by AISURU Botnet Deflected by Microsoft Azure
- John Jordan
- 1 day ago
Microsoft has successfully thwarted a record-breaking Distributed Denial-of-Service (DDoS) attack, reaching an unprecedented 15.72 terabits per second (Tbps). The colossal assault, originating from the AISURU botnet, targeted a single endpoint in Australia on October 24, 2025. Microsoft's Azure global protection system automatically detected and neutralized the attack, ensuring continuous service availability for the affected customer.
Key Takeaways
- Record-Breaking Scale: The attack peaked at 15.72 Tbps and nearly 3.64 billion packets per second (pps), making it the largest DDoS attack ever recorded in the cloud.
- AISURU Botnet: The assault was orchestrated by the AISURU botnet, a TurboMirai-class IoT botnet known for launching massive DDoS attacks.
- Automated Mitigation: Microsoft Azure's DDoS Protection service automatically detected and mitigated the attack without manual intervention.
- IoT Vulnerabilities: The incident highlights the growing threat posed by compromised Internet of Things (IoT) devices being weaponized for large-scale cyberattacks.
The Unprecedented Attack
The massive cyberattack, identified as the largest cloud DDoS ever recorded, originated from the AISURU botnet. This sophisticated IoT botnet, powered by over 500,000 compromised devices including routers, security cameras, and DVR systems, unleashed a multi-vector assault. The attack primarily utilized extremely high-rate UDP floods targeting a specific public IP address in Australia.
Microsoft noted that the attack exhibited minimal source spoofing and used random source ports, which paradoxically aided in simplifying traceback and facilitating provider enforcement. The sheer volume of traffic, reaching 15.72 Tbps and 3.64 billion pps, was designed to overwhelm the target's defenses.
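The traffic profile described above (high-rate UDP aimed at one public IP, many unspoofed sources, random source ports) is what a flow-based detector looks for. The following is an added example, not Microsoft's or the article's code; the flow record layout, thresholds, addresses and sample flows are constructed assumptions, scaled far below the real attack.

```python
import math
from collections import Counter, defaultdict

def make_sample_flows():
    """Constructed one-second flow records: (src_ip, src_port, dst_ip, proto, packets, bytes)."""
    flows = []
    # Flood: 300 distinct sources, random-looking source ports, one UDP target.
    # 540-byte packets approximate the article's 15.72 Tbps / 3.64 billion pps average.
    for i in range(300):
        src = f"10.{i // 250}.0.{i % 250 + 1}"
        flows.append((src, 1024 + (i * 7919) % 60000, "203.0.113.10", "udp", 4000, 4000 * 540))
    # Benign: a few DNS clients to another host, plus TCP to the flood target.
    for i in range(5):
        flows.append((f"192.0.2.{i + 1}", 53, "203.0.113.20", "udp", 50, 50 * 120))
    flows.append(("192.0.2.9", 44321, "203.0.113.10", "tcp", 200, 200 * 900))
    return flows

def port_entropy(ports):
    """Shannon entropy of source ports, normalised by flow count (1.0 = all distinct)."""
    if len(ports) < 2:
        return 0.0
    total = len(ports)
    h = -sum(c / total * math.log2(c / total) for c in Counter(ports).values())
    return h / math.log2(total)

def detect_udp_floods(flows, pps_threshold=1_000_000, min_sources=100):
    """Flag destinations receiving high-rate UDP from many distinct sources."""
    stats = defaultdict(lambda: {"pps": 0, "bytes": 0, "sources": set(), "ports": []})
    for src, sport, dst, proto, pkts, nbytes in flows:
        if proto != "udp":
            continue
        s = stats[dst]
        s["pps"] += pkts
        s["bytes"] += nbytes
        s["sources"].add(src)
        s["ports"].append(sport)
    alerts = []
    for dst, s in stats.items():
        if s["pps"] >= pps_threshold and len(s["sources"]) >= min_sources:
            # With little spoofing, the source list maps to real devices a provider can act on.
            by_net = Counter(src.rsplit(".", 1)[0] + ".0/24" for src in s["sources"])
            alerts.append({"dst": dst, "pps": s["pps"], "bps": s["bytes"] * 8,
                           "source_count": len(s["sources"]),
                           "port_entropy": round(port_entropy(s["ports"]), 2),
                           "top_networks": by_net.most_common(2)})
    return alerts

if __name__ == "__main__":
    for alert in detect_udp_floods(make_sample_flows()):
        print(alert)
```

The per-network source counts are only meaningful because the sources are not spoofed; with forged source addresses the same grouping would point at innocent networks.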
The AISURU Botnet and Its Evolution
AISURU is classified as a TurboMirai-class botnet, capable of generating multi-terabit per second and multi-gigabit per second direct-path DDoS attacks. First observed in August 2024, it has since infected hundreds of thousands of IoT devices globally. Beyond its DDoS-for-hire services, AISURU has evolved to offer other illicit activities, including credential stuffing, AI-driven web scraping, spamming, and phishing, by incorporating a residential proxy service.
While AISURU operators reportedly avoid targeting governmental or law enforcement entities, likely to remain under the radar, the botnet has been linked to previous significant attacks. These include a 22.2 Tbps attack mitigated by Cloudflare in September 2025 and a 6.3 Tbps attack against KrebsOnSecurity in May 2025. The botnet's operators are continuously seeking new exploits to expand its reach and capabilities.
Microsoft Azure's Defense Mechanism
Microsoft's Azure DDoS Protection infrastructure played a crucial role in neutralizing the attack. The globally distributed network automatically detected the anomalous traffic patterns and effectively filtered and redirected the malicious packets. This automated response ensured that customer services remained operational without interruption, showcasing the robustness of Azure's security measures.
The incident underscores Microsoft's warning that attackers are scaling their operations in tandem with the internet's growth. As fiber-to-the-home speeds increase and IoT devices become more powerful, the baseline for attack sizes continues to climb, necessitating continuous innovation in cybersecurity defenses.
Broader Implications
The record-breaking DDoS attack highlights the persistent vulnerabilities within the global IoT ecosystem. The widespread use of compromised devices, often running outdated firmware, provides fertile ground for botnets like AISURU. This event serves as a stark reminder for both consumers and enterprises to prioritize the security of their connected devices and internet-facing applications.
Sources
Microsoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU Botnet, The Hacker News.
Microsoft Azure Blocks 15.72 Tbps Aisuru Botnet DDoS Attack, Hackread.
Microsoft mitigated the largest cloud DDoS ever recorded, 15.7 Tbps, Security Affairs.
Microsoft says Azure was hit with a massive DDoS attack launched from over 500,000 IP addresses, TechRadar.
Deflecting the Aisuru Botnet's 15 Tbps DDoS Fury, WebProNews.






