Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack

Recorded: Dec. 3, 2025, 4:02 p.m.

Original

News

Featured
Latest

North Korea lures engineers to rent identities in fake IT worker scheme

Fake Calendly invites spoof top brands to hijack ad manager accounts

University of Pennsylvania confirms new data breach after Oracle hack

Google fixes two Android zero days exploited in attacks, 107 flaws

Deep dive into DragonForce ransomware and its Scattered Spider connection

Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack

University of Phoenix discloses data breach after Oracle hack

Score 65% off a Microsoft Surface with impressive performance

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Startup Database
Uninstall Database
Glossary
Chat on Discord
Send us a Tip!
Welcome Guide

HomeNewsSecurityAisuru botnet behind new record-breaking 29.7 Tbps DDoS attack

Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack

By Bill Toulas

December 3, 2025
09:01 AM
0

In just three months, the massive Aisuru botnet launched more than 1,300 distributed denial-of-service attacks, one of them setting a new record with a peak at 29.7 terabits per second.
Aisuru is a huge botnet-for-hire service that provides an army of routers and IoT devices compromised via known vulnerabilities or through brute-forcing weak credentials.
Internet management and infrastructure company Cloudflare estimates that the botnet uses between one and four million infected hosts across the world.
Cybercriminals can rent from distributors parts of the Aisuru botnet to launch distributed denial-of-service (DDoS) attacks.
The largest hyper-volumetric attack from Aisuru-controlled devices occurred in the third quarter of 2025 and was successfully mitigated by Cloudflare.
The previous record DDoS attack, which peaked at 22.2 Tbps, was also mitigated by Cloudflare and was attributed to Aisuru with medium confidence. More recently, Microsoft disclosed that the same botnet hit its Azure network with a massive 15 Tbps DDoS attack launched from 500,000 IP addresses.
Cloudflare reports that it mitigated 2,867 Aisuru attacks since the beginning of the year, almost 45% of them being hyper-volumetric - attacks that exceed 1 Tbps or 1 billion packets per second (Bpps).
The internet company did not name the target of the record-breaking incident, but notes that the attack lasted 69 seconds and peaked at 29.7 Tbps. It used UDP carpet-bombing to direct “garbage” traffic to an average of 15,000 destination ports per second.

Graph from the record-breaking Aisuru attackSource: Cloudflare
Another massive DDoS attack that the company mitigated reached 14.1 Bpps.
Cloudflare says that Aisuru attacks can be so devastating that the amount of traffic can disrupt internet service providers (ISPs), even if they are not directly targeted.
"If Aisuru’s attack traffic can disrupt parts of the US’ Internet infrastructure when said ISPs were not even the target of the attack, imagine what it can do when it’s directly aimed at unprotected or insufficiently protected ISPs, critical infrastructure, healthcare services, emergency services, and military systems," Cloudflare says.
Rise in hyper-volumetric attacks
Statistical data from Cloudflare shows that hyper-volumetric DDoS attacks from the Aisuru botnet are rising steadily this year, reaching 1,304 incidents in Q3 alone.
According to the researchers, Aisuru is targeting companies in various sectors, including gaming, hosting providers, telecommunications, and financial services.

Hypervolumetric DDoS attacks per quarterSource: Cloudflare
DDoS attacks exceeding 100 Mpps increased by 189% QoQ, and those exceeding 1 Tbps more than doubled (227%) QoQ.
Most attacks end in less than 10 minutes, according to Cloudflare, leaving defenders and on-demand services little time to respond.
“A short attack may only last a few seconds, but the disruption it causes can be severe, and recovery takes far longer,” explained Cloudflare.
“Engineering and operational teams are then stuck with a complex, multi-step process to get critical systems back online, check data for consistency across distributed systems, and restore secure, reliable service to customers.”
In terms of the number of DDoS attacks, this past quarter wasn’t at the level of Q1, but 2025 continues to be far more severe than the past years, and even without November and December having been accounted for yet.

Number of DDoS attacks as of October 2025Source: Cloudflare
Cloudflare says that in Q3 it mitigated an average of 3,780 DDoS attacks every hour, most coming from Indonesia, Thailand, Bangladesh, and Ecuador, and targeting China, Turkey, Germany, Brazil, and the United States.

Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Get the guide

Related Articles:
Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attackMicrosoft: Azure hit by 15 Tbps DDoS attack using 500,000 IP addressesNew Eleven11bot botnet infects 86,000 devices for DDoS attacksFrench Football Federation discloses data breach after cyberattackGreyNoise launches free scanner to check if you're part of a botnet

Aisuru
Botnet
Cyberattack
DDoS
Distributed Denial-of-Service
Internet

Bill Toulas
Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Previous Article
Next Article

Popular Stories

ChatGPT is down worldwide, conversations disappeared for users

Glassworm malware returns in third wave of malicious VS Code packages

Google deletes X post after getting caught using a ‘stolen’ AI recipe infographic

Sponsor Posts

Empowering IT teams with intelligence driven cyber threat research.

AI is a data-breach time bomb: Read the new report

Hackers love the holidays! Share FREE Security Awareness Training to keep family & friends cyber-safe!

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Username

Password

Remember Me

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

Aisuru, a for-hire botnet service, achieved a new record in December 2025 with a peak Distributed Denial-of-Service (DDoS) attack volume of 29.7 terabits per second (Tbps). This attack, orchestrated by the botnet, highlights the escalating sophistication and scale of cyber threats. According to Cloudflare, which played a crucial role in mitigating the attack, Aisuru operates between one and four million compromised hosts globally, utilizing routers and Internet of Things (IoT) devices acquired through known vulnerabilities or brute-force credentialing.

The incident occurred as part of a broader trend demonstrating a rise in hyper-volumetric DDoS attacks attributed to Aisuru. Specifically, in the third quarter of 2025, the botnet launched 1,304 incidents exceeding this threshold, representing a significant increase compared to previous periods. Cloudflare’s analysis indicated that attacks exceeding 100 million packets per second (Mpps) increased by 189% quarter-over-quarter (QoQ), while those exceeding 1 terabit per second (Tbps) more than doubled (227%) QoQ. The record-breaking attack itself lasted 69 seconds, deploying UDP "carpet-bombing" to direct a massive number of “garbage” traffic—an average of 15,000 destination ports per second. This demonstrates a targeted approach aimed at overwhelming target systems.

The company pinpointed Indonesia, Thailand, Bangladesh, and Ecuador as leading sources of the Aisuru botnet’s attacks, with the primary targets being China, Turkey, Germany, Brazil, and the United States. Cloudflare reported mitigating an average of 3,780 DDoS attacks each hour during this period, and the attacks frequently ended within 10 minutes, providing limited time for defenders to respond. This underscores the urgency of proactive defenses and rapid incident response capabilities.

The surge in Aisuru’s activity is linked to the botnet’s growing portfolio of targets, encompassing gaming companies, hosting providers, telecommunications entities, and financial services organizations. The increased scale of these attacks poses a heightened risk to critical infrastructure, healthcare services, emergency response systems, and military networks. The record-breaking 29.7 Tbps attack, a key indicator of the evolving threat landscape, emphasized the vulnerabilities inherent in poorly secured IoT devices and the importance of robust DDoS mitigation strategies, alongside rapid response systems. Aisuru’s operations exemplify a contemporary cybercrime trend, posing a continuous and significant risk.