Headline
Cloudflare Blocks Aisuru Botnet Powered Largest Ever 29.7 Tbps DDoS Attack
Cloudflare’s Q3 2025 DDoS Threat Report reveals the Aisuru botnet launched a record 29.7 Tbps attack. Learn which sectors were the most targeted, and the key drivers behind the surge in attacks.
The Internet faced an aggressive surge in cyberattacks during the third quarter of 2025, according to a comprehensive DDoS threat report from Cloudflare, a web security and infrastructure company. The period was dominated by a notorious IoT botnet called Aisuru, which launched some of the largest-ever attacks.
Aisuru is believed to be a huge army of 1 to 4 million compromised devices worldwide, powerful enough to be rented out to anyone looking to cause chaos for a few hundred to a few thousand US dollars.
****The Unprecedented Scale of Aisuru****
Cloudflare reports that Aisuru was responsible for a world record-breaking DDoS attack that peaked at 29.7 terabits per second (Tbps) and 14.1 billion packets per second (Bpps).
This volume of traffic, achieved by a technique called UDP carpet-bombing, can even cause “collateral Internet disruption” for major Internet Service Providers (ISPs) in places like the US, slowing down or disrupting service for millions of users even when the ISP wasn’t the main target.
Source: Cloudflare
Since the start of 2025, Cloudflare has stopped 2,867 Aisuru attacks, including 1,304 massive “hyper-volumetric” ones in the third quarter alone, a 54% jump from the previous quarter.
It is worth noting that overall, Cloudflare’s automated systems blocked a total of 8.3 million DDoS attacks in the quarter, a 40% increase compared to last year. Interestingly, the two main types of attacks saw different trends: Network-layer attacks surged by 87%, while HTTP attacks actually fell by 41%. Furthermore, most attacks, including 71% of HTTP and 89% of network-layer attacks, lasted under 10 minutes, highlighting the challenge of human response time.
****Geopolitics Influencing Targets****
Certain industries were hit particularly hard. Information Technology & Services was the most attacked industry overall in Q3 2025, followed by Telecommunications and Gambling and Casinos.
However, some sectors saw dramatic spikes in attack frequency due to real-world events. Artificial Intelligence (AI) Companies, for example, reported the largest DDoS attack traffic, up by as much as 347% in September 2025, coinciding with the growing public discussions over AI regulation.
Similarly, the Automotive Industry saw the largest surge, moving 62 spots up the most attacked list, followed by the Mining, Minerals and Metals industry, given the rising trade tensions between the European Union and China.
Regarding affected countries, the most dramatic rise was seen in the Maldives (up 125 spots) and France (up 65 spots) during periods of national protests, indicating threat actors prefer targeting sites during unrest.
Nevertheless, China remains the most attacked country, followed by Turkey, Germany, Brazil, and the United States (which jumped 11 spots). Surprisingly, Indonesia remains the largest source of these attacks globally for the fourth consecutive quarter, with seven out of the top ten attack sources located in Asia.
Source: Cloudflare
****Automated Defence is Key****
Cloudflare concludes that because most attacks are now simply “too fast for any human or on-demand service to react,” companies must start relying more on automated systems for survival in the current digital age.
“Cybercriminals attack from all angles and are incredibly relentless in their attempts. Although this attempt was mitigated, it is a clear reminder that volume-powered DDoS campaigns are still evolving faster than the majority of organisations’ defences,“ said Jake Moore, Global Cybersecurity Advisor at ESET.
Commenting on the significance of the AISURU botnet, Moore emphasised that “scale and its use of highly randomised traffic show that relying on legacy filtering or static rules is not always enough, plus DDoS attacks are a clever way of targeting a company without having to genuinely hack the network, and the attackers can remain largely anonymous, making it so successful in its disruption.“
_“_However, even with current robust protections, each year threat actors become better equipped and use even more IP addresses at scale to flood systems, making it increasingly more difficult to protect from. Once again, companies need to continually look into future-proofing their networks and to continue to expect the unexpected,” he advised.