Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet

Cloudflare blocked a record 29.7 Tbps DDoS attack from the AISURU botnet. The 69-second attack set a new high, though the target remains undisclosed.

Cloudflare stopped a record 29.7 Tbps DDoS attack from the AISURU botnet, a 69-second barrage that set a new volume record. The cybersecurity firm did not disclose the name of the targeted organization.

Cloudflare’s Q3 2025 DDoS Threat Report highlights the unprecedented impact of the Aisuru botnet, a 1–4 million-device network launching hyper-volumetric attacks regularly above 1 Tbps and 1 Bpps. These attacks rose 54% quarter-over-quarter (QoQ), averaging 14 per day, with peaks of 29.7 Tbps and 14.1 Bpps. Cloudflare also saw DDoS traffic spike 347% MoM against AI firms, and increases targeting Mining/Metals and Automotive sectors amid EU-China trade tensions. Overall, the company blocked 8.3M attacks, up 15% QoQ and 40% YoY.

Aisuru has hit telecom, gaming, hosting, and financial firms, even causing collateral U.S. Internet disruption due to its massive traffic volumes. Parts of the botnet are sold as-for-hire services, enabling anyone to launch powerful DDoS attacks for only a few hundred to a few thousand dollars.

““Chunks” of Aisuru are offered by distributors as botnets-for-hire, so anyone can potentially inflict chaos on entire nations by crippling backbone networks and saturating Internet links, disrupting millions of users and impairing access to essential services — all at a cost of a few hundred to a few thousand U.S. dollars.” reads the report published by Cloudflare. “Since the start of 2025, Cloudflare has already mitigated 2,867 Aisuru attacks.”

Cloudflare has mitigated 2,867 Aisuru attacks in 2025, including 1,304 hyper-volumetric attacks in Q3 such as the record 29.7 Tbps and 14.1 Bpps floods, all blocked autonomously.

DDoS attack severity jumped sharply in Q3: attacks over 100 Mpps rose 189% QoQ, and those exceeding 1 Tbps surged 227%. On the HTTP side, 4% of attacks surpassed 1M requests per second. Most incidents are extremely short, 71% of HTTP and 89% of network-layer attacks end within 10 minutes, yet still cause major outages, with recovery taking far longer due to complex system checks and restoration. Short-burst attacks can have lasting operational impact. Indonesia remains the top global DDoS source, leading for a full year, with HTTP attack traffic from the country surging 31,900% since 2021.

DDoS attacks spiked across several sectors in Q3 2025. Mining, Minerals & Metals saw a sharp rise amid EU–China tensions over EV tariffs and rare-earth exports, jumping 24 spots to become the 49th most targeted industry. The Automotive sector experienced the biggest surge, climbing 62 places to rank sixth, while cybersecurity firms rose 17 spots to 13th.
AI companies were hit especially hard: in September 2025, HTTP DDoS traffic against generative-AI services surged up to 347% amid growing public concern and regulatory scrutiny in the UK.
Overall, the most attacked industries were Information Technology & Services, Telecommunications, and Gambling & Casinos, with notable increases across Automotive, Media, Financial Services, Retail, and Consumer Electronics.

“We’ve entered an era where DDoS attacks have rapidly grown in sophistication and size — beyond anything we could’ve imagined a few years ago. Many organizations have faced challenges in keeping pace with this evolving threat landscape.” concludes the report. “Organizations relying on on-premise mitigation appliances or on-demand scrubbing center solutions may benefit from reviewing their defense strategy given the current threat landscape.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)