A new record-breaking 29.7 Tbps distributed denial-of-service (DDoS) attack launched via the Aisuru botnet has set a new standard for internet disruption and reinforced that multi-terabit attacks are on track to soon be an everyday event for DDoS defenders. According to Cloudflare’s latest DDoS threats report, Aisuru launched an intense hyper-volumetric DDoS on a network layer with traffic that reached 29.7 Tbps and 14.1 billion packets per second, reaching new heights beyond previous records that topped 22 Tbps.
The DDoS attack employed a UDP ‘carpet bombing’ technique that targeted 15,000 destination ports every second with random packet components constantly varying so as not to get filtered out at traditional scrubbing centers. Despite these efforts, Cloudflare reports that Aisuru traffic took mere seconds for an autonomous mitigation system to identify and remove.
Behind the incident is a botnet Cloudflare now estimates at 1 million to 4 million compromised devices, making Aisuru the biggest DDoS botnet in active circulation. Since the start of 2025, Cloudflare has mitigated 2,867 Aisuru incidents, with 1,304 hyper-volumetric attacks in the third quarter alone - a 54% quarter-over-quarter increase that equates to about 14 mega-events a day. Segments of the botnet are openly leased as "chunks", allowing buyers to rent enough power to take down backbone connections or perhaps even national ISPs for mere hundreds or thousands of dollars apiece.
Cloudflare thwarted a total of 8.3 million DDoS attacks in the third quarter of 2025, a 15% increase from the prior quarter and 40% year-over-year, while marking the 2025 year-to-date total at 36.2 million - already 170% of all attacks recorded in 2024 and still one full quarter away.
About 71% of Q3 attacks were network-layer traffic, which soared 87% QoQ and 95% YoY, while HTTP-layer events fell 41% QoQ and 17% YoY, indicating a strategic swing back to pure bandwidth and transport-layer exhaustion. The extremes are picked up the most: incidents over 100 Mpps jumped 189% QoQ, and those above 1 Tbps increased by 227%, though many ended within 10 minutes, too late for any effective intervention by manual actions or DDoS-on-demand mitigation programs.
Collateral damage continues to escalate as well. KrebsOnSecurity reports Aisuru-driven traffic has already caused severe outages at U.S. internet services not targeted as main victims. Cloudflare data shows Aisuru and actors like it have targeted telecoms, gaming, hosting, and financial services intensely. Information Technology and Services, telecoms, gambling and casinos are among the toughest hit sectors in Q3.
Geopolitics and societal unrest are increasingly reflected in attack behavior. DDoS traffic against generative AI service providers jumped as high as 347% month-over-month in September, and DDoS attacks on mining, minerals and metals, and autos failed to lag as tensions escalated involving EV tariffs and China and the EU.
Indonesia continues as source number one for DDoS traffic, registering an astonishing 31,900% increase in HTTP DDoS requests since 2021, and there were sharp increases in Q3 2025 for the Maldives, France, and Belgium, reflecting massive protests and worker walkouts. China stayed the most‑targeted country, followed by Turkey and Germany, with the United States climbing to fifth and the Philippines showing the steepest rise within the top 10, underscoring how modern DDoS campaigns now track political flashpoints, public anger, and regulatory fights over AI and trade almost in real time.
