Record-Breaking DDoS Attack Mitigated
Cloudflare announced that it has detected and stopped the largest distributed denial-of-service (DDoS) attack ever recorded, measuring an astounding 29.7 terabits per second (Tbps). The attack, which lasted for 69 seconds, originated from a DDoS botnet-for-hire known as AISURU. This botnet has been linked to several hyper-volumetric DDoS attacks over the past year.
The web infrastructure and security company did not disclose the specific target of this record-breaking attack. However, the AISURU botnet has been known to target telecommunication providers, gaming companies, hosting providers, and financial services. Previously, Cloudflare had successfully mitigated a 14.1 Bpps DDoS attack originating from the same botnet.
AISURU Botnet: A Growing Threat
AISURU is believed to be powered by a massive network of an estimated 1 to 4 million infected hosts worldwide. Cloudflare has mitigated a significant number of attacks from this botnet, with 2,867 Aisuru attacks detected since the beginning of the year. Notably, 1,304 hyper-volumetric attacks were launched from the botnet in the third quarter of 2025 alone.
Across the entire period, a total of 8.3 million DDoS attacks were blocked. This figure represents a 15% increase from the previous quarter and a 40% jump from the same period last year. In 2025, 36.2 million DDoS attacks have been thwarted, including 1,304 network-layer attacks exceeding 1 Tbps, a substantial increase from 717 in Q1 2025 and 846 in Q2 2025.
According to Cloudflare, Aisuru's activities have already caused disruptions in the United States. While ISPs were not the primary targets, critical services such as emergency services and healthcare could be indirectly impacted if botnet traffic overwhelms backbone cables.
Aisuru-driven attacks affect a wide range of industries globally. In the US, telecommunications is the most affected sector. However, other countries experience different sectors being hit the hardest. The botnet's attacks are strategically set up to target the most critical industries in each region, including gaming in Germany, banking in Austria, retail in Canada and France, and cybersecurity companies in the UK.
This incident follows a recent internal self-inflicted denial-of-service event experienced by Cloudflare. The issue was caused by a faulty dashboard update that overloaded its own systems, leading to widespread outages until the problematic code was rectified.
The Escalating Landscape of DDoS Attacks
DDoS attacks specifically targeting AI companies have surged by 347% month-over-month in Q3. This rise is attributed to increasing public scrutiny and government investigations into the regulation of generative AI in the UK and EU.
A separate report revealed a staggering 31,900% increase in HTTP DDoS traffic originating from Indonesia over a four-year period. Indonesia has consistently held its position as the top global source of DDoS attacks for over a year, reflecting its growing presence in the IoT device ecosystem and the persistent challenges in securing consumer-grade hardware.
Traditional methods for mitigating DDoS attacks are becoming increasingly ineffective due to the sheer scale and speed of modern attacks. Many systems relying on scrubbing centers lack the necessary ingress capacity to detect, let alone stop, attacks that exceed 20 Tbps.
In Q3 2025, Cloudflare blocked an average of 3,780 DDoS attacks per hour. A significant 71% of these were network-layer attacks that concluded in under 10 minutes, a timeframe too short for manual intervention or on-demand activation.
Experts recommend that businesses adopt always-on, globally distributed mitigation systems capable of automatic, terabit-scale responses. This approach is crucial in addition to on-premise appliances or scrubbing centers with limited bandwidth, as traditional methods are no longer sufficient against the evolving threat landscape.