- Microsoft detected and stopped a record-breaking 15.72 terabits per second (Tbps) DDoS attack in Australia.
- The assault was launched by the AISURU IoT botnet, comprised of over 500,000 infected devices.
- AISURU primarily targets online gaming and avoids government and military systems.
- Botnets like AISURU also conduct activities such as credential stuffing, AI-driven web scraping, spamming, and phishing.
- Another IoT botnet, Eleven11, was recently dismantled after launching thousands of DDoS attacks.
On Monday, Microsoft announced it had automatically detected and mitigated a massive distributed denial-of-service (DDoS) attack aimed at a single endpoint in Australia. The attack reached 15.72 Tbps and nearly 3.64 billion packets per second (pps), marking it as the largest cloud-based DDoS assault ever recorded. The targeted party remains unidentified.
The attack originated from an extensive Internet of Things (IoT) botnet known as AISURU, classified as TurboMirai-type, involving over 500,000 source IPs distributed globally. Microsoft’s Sean Whalen stated the attack consisted of high-rate UDP floods with minimal source spoofing and randomized source ports, characteristics that aided in tracing and blocking the traffic.
Data provided by QiAnXin XLab indicates that AISURU controls about 300,000 infected devices, mainly routers, security cameras, and DVRs. This botnet has been responsible for some of the largest DDoS attacks recorded so far. According to a recent NETSCOUT report, AISURU operates with a limited clientele and reportedly avoids targeting government, law enforcement, military, and national security infrastructure. Most attacks appear focused on online gaming environments.
Besides DDoS attacks exceeding 20 Tbps, AISURU also facilitates illicit activities such as credential stuffing, AI-driven web scraping, spamming, and phishing, and offers a residential proxy service. Microsoft noted that the increasing attack scale is linked to faster broadband speeds and more powerful IoT devices.
Separately, NETSCOUT detailed another TurboMirai botnet named Eleven11 (also known as RapperBot), which carried out approximately 3,600 DDoS attacks through hijacked IoT devices between February and August 2025. Authorities recently arrested operators and dismantled this botnet. Some of its command-and-control servers used the “.libre” top-level domain, part of the OpenNIC system, which bypasses traditional Internet DNS managed by ICANN. Despite its takedown, compromised devices remain at risk of being recruited for future botnets.
