Microsoft Azure successfully defended against the largest distributed denial-of-service (DDoS) attack ever recorded in cloud computing history on October 24, 2025. The assault peaked at 15.72 terabits per second (Tbps).
It involved nearly 3.64 billion packets per second (pps), all aimed at a single endpoint in Australia.
This multi-vector attack highlighted the growing scale of cyber threats, as attackers harnessed over 500,000 compromised devices to flood the target.
Despite the intensity, Azure’s automated defenses ensured zero downtime for customer services, demonstrating robust cloud security measures.
The attack originated from the Aisuru botnet, a sophisticated variant of the Turbo Mirai malware family that infects Internet of Things (IoT) devices such as home routers and IP cameras.
Aisuru exploits vulnerabilities in equipment from vendors such as T-Mobile, Zyxel, D-Link, and Linksys, as well as Realtek chip flaws, and it also infects DVRs/NVRs.
Researchers noted that the botnet rapidly expanded in April 2025 after operators compromised a TotoLink router firmware update server, infecting around 100,000 devices.
This growth enabled Aisuru to launch record-breaking assaults, including a 22.2 Tbps attack on Cloudflare in September 2025 and an 11.5 Tbps strike earlier that month.
Operating as a DDoS-for-hire service, Aisuru avoids government or military targets but disrupts broadband providers with attacks exceeding 1.5 Tbps from infected customer gear.
Unpacking The Attack Mechanics
The DDoS campaign relied on high-rate User Datagram Protocol (UDP) floods directed at a specific public IP address, using minimal source IP spoofing and randomized source ports to complicate detection.
These bursts originated from diverse regions, primarily residential ISPs in the United States and other countries, and the limited obfuscation made traceback easier for defenders.
Unlike traditional attacks that rely on spoofed IPs, Aisuru's traffic mimicked legitimate flows in some cases, combining TCP and GRE floods with UDP, with packet sizes ranging from small to large and up to 119 TCP flag variations.
The sheer volume equated to streaming about 3.5 million Netflix movies simultaneously or one million 4K videos per second, underscoring how rising fiber-to-the-home speeds and powerful IoT hardware fuel escalating threats.
Azure’s DDoS Protection service detected the anomaly through continuous global monitoring and adaptive algorithms, activating mitigation within seconds.
The platform’s distributed scrubbing centers filtered malicious packets in real time, redirecting clean traffic to the endpoint while absorbing the flood across its worldwide network.
This layered approach, including traffic analysis and anomaly detection, prevented any service disruption, even as the attack lasted several hours.
Microsoft emphasized that Aisuru’s non-spoofed traffic aided provider enforcement, allowing upstream ISPs to block infected sources more effectively.
Lessons For Cloud Security
As IoT proliferation and internet speeds advance, DDoS baselines continue to rise, with attackers scaling alongside global connectivity.
Experts warn that holiday seasons amplify risks, as increased online activity attracts threat actors.
Organizations should enable DDoS protection for all internet-facing workloads and conduct regular simulations to test readiness.
Patching IoT vulnerabilities promptly and monitoring for botnet indicators, like unusual UDP bursts, can mitigate future incidents.
This Azure event reinforces the need for proactive defenses in cloud environments, where single endpoints can face nation-state-level firepower from everyday devices.
By staying vigilant, businesses can safeguard against evolving botnet tactics, such as those from Aisuru.
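To make "unusual UDP bursts" concrete, the following added example (not code from Microsoft or the original article) flags a destination whose per-second UDP packet rate jumps well above its own recent median while arriving from many distinct sources with scattered source ports, the traits described under the attack mechanics above. The flow-record layout, thresholds, and sample addresses are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict
from statistics import median

def port_entropy(ports):
    """Shannon entropy (bits) of the source-port distribution."""
    counts, total = Counter(ports), len(ports)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def detect_udp_bursts(flows, rate_factor=10.0, min_sources=100, min_entropy=6.0):
    """flows: (second, src_ip, src_port, dst_ip, proto, packets) tuples (assumed layout)."""
    buckets = defaultdict(lambda: {"pps": 0, "srcs": set(), "ports": []})
    for sec, src, sport, dst, proto, pkts in flows:
        if proto == "udp":
            b = buckets[(dst, sec)]
            b["pps"] += pkts
            b["srcs"].add(src)
            b["ports"].append(sport)
    alerts, history = [], defaultdict(list)
    for dst, sec in sorted(buckets):  # per destination, in time order
        b, past = buckets[(dst, sec)], history[dst]
        entropy = port_entropy(b["ports"])
        if (past and b["pps"] > rate_factor * median(past)
                and len(b["srcs"]) >= min_sources and entropy >= min_entropy):
            alerts.append({"dst": dst, "second": sec, "pps": b["pps"],
                           "sources": len(b["srcs"]), "port_entropy": round(entropy, 2)})
        else:
            history[dst].append(b["pps"])  # only non-alerting seconds feed the baseline
    return alerts

def sample_flows():
    """Constructed flow records (documentation/CGNAT address ranges), not real data."""
    flows = []
    for sec in range(5):  # quiet baseline for two destinations
        for i in range(4):
            flows.append((sec, f"198.51.100.{i + 1}", 50000 + i, "203.0.113.10", "udp", 50))
        flows.append((sec, "198.51.100.9", 40000, "203.0.113.20", "udp", 200))
    for i in range(300):  # burst: many sources, scattered ports, one target
        src = f"100.64.{i // 250}.{i % 250 + 1}"
        flows.append((5, src, 1024 + (i * 7919) % 60000, "203.0.113.10", "udp", 1000))
    # heavy single-source stream: high rate but one source and one port, must not alert
    flows.append((5, "198.51.100.9", 40000, "203.0.113.20", "udp", 50000))
    return flows

if __name__ == "__main__":
    for alert in detect_udp_bursts(sample_flows()):
        print(alert)
```

Requiring source count and port entropy alongside the rate jump keeps a single high-volume legitimate stream from triggering the alert.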





