The Aisuru botnet shattered DDoS records in Q3 2025, unleashing a staggering 29.7 terabits per second (Tbps) attack, the largest ever documented.
This hyper-volumetric assault, reported by Cloudflare, overwhelmed targets with 14.1 billion packets per second (Bpps) at its peak.
Comprising 1-4 million infected devices worldwide, Aisuru routinely exceeded 1 Tbps and 1 Bpps, with hyper-volumetric strikes surging 54% quarter over quarter.
Cloudflare mitigated 1,304 such attacks in the quarter alone, including this record-breaker, using fully autonomous defenses.
Aisuru’s operators rented out botnet “chunks” for hire, costing hundreds to thousands of dollars. This low barrier enabled widespread chaos against telecom providers, gaming firms, hosting services, and financial institutions.
Even non-targets suffered: U.S. ISPs faced collateral disruptions as Aisuru traffic saturated backbone networks, per Krebs on Security.
Imagine unprotected critical infrastructure (hospitals, emergency services, or military systems) directly hit; the fallout could cripple national access to essentials.
The 29.7 Tbps monster was a UDP carpet-bombing flood, hammering an average of 15,000 destination ports per second across distributed sources.
Attackers randomized packet attributes, such as sizes, inter-arrival times, and headers, to evade detection filters.
UDP floods exploit the protocol’s connectionless nature: spoofed packets flood targets without handshakes, exhausting bandwidth and state tables on routers and firewalls.
Cloudflare’s systems absorbed it seamlessly via anycast scrubbing, BGP announcements, and machine learning anomaly detection.
No human intervention was needed: the attack lasted under 10 minutes, typical for 89% of network-layer DDoS attacks.
Short bursts evade manual responses, yet recovery demands hours: teams verify data integrity, restart services, and purge queues. Aisuru amplified UDP vectors by 231% QoQ, outpacing DNS, SYN, and ICMP floods.
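The carpet-bombing pattern described above randomizes packet sizes, timing, and headers, so a detector has to key on something the attacker cannot hide: the number of distinct UDP destination ports and sources hitting one prefix in a single second. The sketch below is an added example, not Cloudflare's detection logic or code from the original report; the thresholds, the flow-record layout, and the sample traffic are assumptions constructed for illustration.

```python
import ipaddress
import random
from collections import defaultdict

# Assumed thresholds for illustration; tune them against your own baseline.
PORT_SPREAD_THRESHOLD = 1000    # distinct UDP dst ports per prefix per second
SOURCE_SPREAD_THRESHOLD = 100   # distinct source IPs per prefix per second

def detect_carpet_bombing(flows, prefix_len=24):
    """flows: iterable of (ts, src_ip, dst_ip, dst_port, proto, nbytes).
    Returns sorted (second, dst_prefix, distinct_ports, distinct_sources)."""
    ports = defaultdict(set)
    sources = defaultdict(set)
    for ts, src, dst, dport, proto, _nbytes in flows:
        if proto != "udp":
            continue
        # Aggregate per destination prefix: carpet bombing spreads traffic
        # across many hosts, so per-host counters can stay under the radar.
        prefix = str(ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False))
        key = (int(ts), prefix)
        ports[key].add(dport)
        sources[key].add(src)
    alerts = []
    for key, seen in ports.items():
        if (len(seen) >= PORT_SPREAD_THRESHOLD
                and len(sources[key]) >= SOURCE_SPREAD_THRESHOLD):
            alerts.append((key[0], key[1], len(seen), len(sources[key])))
    return sorted(alerts)

def build_sample_flows(seed=7):
    """Constructed sample data: benign DNS plus one second of port-spread flood."""
    rng = random.Random(seed)
    flows = []
    # Benign: 200 clients querying one resolver on UDP/53 across two seconds.
    for i in range(200):
        flows.append((100 + i % 2, f"198.51.100.{i + 1}", "192.0.2.53",
                      53, "udp", rng.randint(60, 120)))
    # Flood: 250 sources, random sizes and ports, spread over a /24 in second 101.
    for i in range(5000):
        flows.append((101 + rng.random() * 0.999, f"203.0.113.{i % 250 + 1}",
                      f"192.0.2.{rng.randint(1, 254)}",
                      rng.randint(1024, 65535), "udp", rng.randint(64, 1400)))
    return flows

if __name__ == "__main__":
    for alert in detect_carpet_bombing(build_sample_flows()):
        print("carpet-bombing suspected:", alert)
```

Because the counters are cardinalities rather than byte or packet signatures, randomized sizes and inter-arrival times do not change the result; only the port and source spread does.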
Q3 saw Cloudflare block 8.3 million DDoS attacks per hour, up 15% QoQ and 40% year-over-year.
Network-layer strikes hit 71% (5.9 million), fueled by Aisuru and Mirai variants (2% of attacks). HTTP floods dropped 41% but still totaled 2.4 million, mostly from known botnets.
Geopolitics spiked targets: Automotive jumped 62 spots amid EU-China EV tensions; AI firms endured 347% monthly surges amid ethics debates.
Indonesia led sources, with HTTP attacks from there up 31,900% since 2021.
Legacy defenses falter at this scale: on-premises appliances choke, and on-demand scrubbing lags.
Cloudflare’s global network offers unmetered protection. As DDoS evolves, autonomous edges are key.