- Cloudflare mitigated a record DDoS attack peaking at 29.7 terabits per second (Tbps) in late 2025.
- The AISURU botnet, linked to multiple high-volume attacks, launched the incident, targeting various sectors globally.
- Over 8.3 million DDoS attacks were blocked in 2025, representing a 40% increase from the previous year.
- The frequency of network-layer attacks surpassing 1 Tbps rose markedly through the year.
- Asia accounted for seven of the top ten sources of DDoS attacks, with sectors like automotive and AI facing significant increases in attacks.
In December 2025, Cloudflare detected and mitigated the largest recorded distributed denial-of-service (DDoS) attack, which reached 29.7 Tbps. The attack lasted 69 seconds and originated from a botnet-for-hire known as AISURU. This network comprises approximately 1 to 4 million infected devices worldwide. The target of the attack was not disclosed.
The attack was a UDP carpet-bombing style, targeting an average of 15,000 destination ports per second. It employed randomized packet attributes to try to bypass security measures, according to Omer Yoachimik and Jorge Pacheco. The same botnet also launched a 14.1 billion packets per second (Bpps) attack. AISURU has frequently targeted telecommunications, gaming, Hosting, and financial services sectors.
Since early 2025, Cloudflare has mitigated 2,867 attacks associated with AISURU, with 1,304 of these hyper-volumetric attacks occurring in the third quarter alone. In total, 8.3 million DDoS attacks were blocked during the year, marking a 15% increase from the previous quarter and a 40% rise compared to 2024.
Trends observed in Q3 2025 include a 189% quarterly increase in attacks exceeding 100 million packets per second (Mpps). Most DDoS events ended within 10 minutes, affecting sectors like mining, automotive, and Artificial Intelligence (AI). AI-related DDoS traffic surged 347% in September. The automotive sector experienced the most significant growth in attacks, becoming the sixth most targeted industry worldwide.
Geographical sources of attacks are concentrated in Asia, with countries like Indonesia, Thailand, Bangladesh, Vietnam, India, Hong Kong, and Singapore among the top origin points. Other major sources include Ecuador, Russia, and Ukraine. The most attacked countries include China, Turkey, Germany, Brazil, the U.S., Russia, Vietnam, Canada, South Korea, and the Philippines.
Nearly 70% of HTTP DDoS attacks originated from known botnets, emphasizing the continuing role of these networks in large-scale cyber threats. “We’ve entered an era where DDoS attacks have rapidly grown in sophistication and size — beyond anything we could’ve imagined a few years ago,” as stated in the report.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
