
Cloudflare has announced the detection and mitigation of a distributed denial-of-service (DDoS) attack that peaked at 29.7 terabits per second (Tbps), the largest ever recorded by the company. The attack, which lasted 69 seconds, was launched by the botnet-for-hire known as AISURU.
The AISURU Botnet: The Engine of the Attack
Cloudflare identified the AISURU botnet as the source of the attack. This cybercrime network has been linked to numerous hyper-volumetric DDoS attacks over the past year and is estimated to consist of between 1 and 4 million infected hosts worldwide.
The 29.7 Tbps attack was a UDP carpet-bombing attack that bombarded an average of 15,000 destination ports per second. To evade defenses, the attack randomized several packet attributes.
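Since the article says packet attributes were randomized, a detector cannot rely on a fixed packet signature and can instead measure how many distinct UDP destination ports are hit per second. The following is an added example, not code from Cloudflare or the original article; the flow-record layout, the /24 grouping, the threshold and all sample records are assumptions constructed for illustration. Grouping by destination prefix goes beyond the article, which only gives the per-second port figure.

```python
import ipaddress
from collections import defaultdict

PORT_THRESHOLD = 200  # assumed value for this toy sample; derive from a baseline

def sample_flows():
    """Constructed records: (second, proto, src_ip, src_port, dst_ip, dst_port)."""
    # Second 100: ordinary DNS queries to a single service port.
    normal = [(100, "udp", f"198.51.100.{i}", 40000 + i, "203.0.113.10", 53)
              for i in range(20)]
    # Second 101: many destination ports across a prefix, varied source fields.
    burst = [(101, "udp", f"192.0.2.{i % 250}", 1024 + (i * 7919) % 60000,
              f"203.0.113.{i % 8}", 1024 + i) for i in range(500)]
    return normal + burst

def fanout_by_prefix(flows, prefix_len=24):
    """Map (second, dst prefix) -> (distinct dst ports, distinct sources)."""
    ports, sources = defaultdict(set), defaultdict(set)
    for ts, proto, src_ip, src_port, dst_ip, dst_port in flows:
        if proto != "udp":
            continue
        # Collapse the destination address to its covering prefix.
        net = ipaddress.ip_network(f"{dst_ip}/{prefix_len}", strict=False)
        key = (ts, str(net))
        ports[key].add(dst_port)
        sources[key].add((src_ip, src_port))
    return {k: (len(ports[k]), len(sources[k])) for k in ports}

def flag_windows(flows, threshold=PORT_THRESHOLD):
    """Return sorted (second, prefix) keys whose port fan-out exceeds threshold."""
    return sorted(k for k, (n_ports, _) in fanout_by_prefix(flows).items()
                  if n_ports > threshold)

if __name__ == "__main__":
    for key, counts in sorted(fanout_by_prefix(sample_flows()).items()):
        print(key, counts)
    print("flagged:", flag_windows(sample_flows()))
```

The metric depends only on destination fields, so it is unaffected by whichever source-side attributes are varied between packets.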
DDoS Attack Trends in the Third Quarter of 2025
The incident underscores the growing sophistication and scale of DDoS attacks. Cloudflare has mitigated 2,867 AISURU attacks since the beginning of the year, with 1,304 hyper-volumetric attacks launched in Q3 2025 alone. Q3 data reveals several concerning trends in the threat landscape:
- Increase in attack volume: 8.3 million total DDoS attacks were blocked during the quarter, representing a 15% increase from the previous quarter and a 40% increase compared to last year.
- High-intensity attacks: Attacks exceeding 100 million packets per second (Mpps) increased 189% quarter-on-quarter.
- Increase in 1 Tbps attacks: 1,304 network-layer attacks exceeding 1 Tbps were mitigated, a significant increase from 717 in Q1 and 846 in Q2 2025.
- Duration of attacks: Most HTTP DDoS attacks (71%) and network-layer attacks (89%) ended in less than 10 minutes.
Impact by Geography and Industry
Cloudflare’s report also highlights the industries and regions most affected by DDoS activity in Q3 2025:
Industries most attacked:
- Main sectors: Information technology, telecommunications, betting, gaming and internet services.
- Biggest growth: The automotive industry experienced the largest increase in DDoS attacks, becoming the sixth most attacked sector globally. Mining and metals also saw a considerable increase.
- Attacks on AI companies: DDoS attack traffic against artificial intelligence (AI) companies skyrocketed 347% in September 2025.
Geography of attacks:
- Top Sources: Seven of the top ten sources of DDoS attacks are located in Asia (Indonesia, Thailand, Bangladesh, Vietnam, India, Hong Kong and Singapore). The other three main sources are Ecuador, Russia and Ukraine.
- Target Countries: China, Turkey, Germany, Brazil, USA, Russia, Vietnam, Canada, South Korea and the Philippines were the most attacked countries.
Conclusion
The rapid evolution of DDoS attacks, both in sophistication and size, poses a significant challenge to organizations. Cloudflare warns that “we have entered an era where DDoS attacks have grown rapidly in sophistication and size, beyond what we could have imagined a few years ago.” This threat landscape requires organizations to keep their defenses up to date to protect their critical infrastructure.