Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack

Recorded: Dec. 3, 2025, 4:02 p.m.

Original

News

Featured
Latest

Critical React, Next.js flaw lets hackers execute code on servers

North Korea lures engineers to rent identities in fake IT worker scheme

CISA warns of Chinese "BrickStorm" malware attacks on VMware servers

Marquis data breach impacts over 74 US banks, credit unions

Hackers are exploiting ArrayOS AG VPN flaw to plant webshells

NCSC's ‘Proactive Notifications’ warns orgs of flaws in exposed devices

Predator spyware uses new infection vector for zero-click attacks

Russia blocks FaceTime and Snapchat for alleged use by terrorists

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsSecurityAisuru botnet behind new record-breaking 29.7 Tbps DDoS attack

Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack

By Bill Toulas

December 3, 2025
09:01 AM
0

In just three months, the massive Aisuru botnet launched more than 1,300 distributed denial-of-service attacks, one of them setting a new record with a peak at 29.7 terabits per second.
Aisuru is a huge botnet-for-hire service that provides an army of routers and IoT devices compromised via known vulnerabilities or through brute-forcing weak credentials.
Internet management and infrastructure company Cloudflare estimates that the botnet uses between one and four million infected hosts across the world.
Cybercriminals can rent from distributors parts of the Aisuru botnet to launch distributed denial-of-service (DDoS) attacks.
The largest hyper-volumetric attack from Aisuru-controlled devices occurred in the third quarter of 2025 and was successfully mitigated by Cloudflare.
The previous record DDoS attack, which peaked at 22.2 Tbps, was also mitigated by Cloudflare and was attributed to Aisuru with medium confidence. More recently, Microsoft disclosed that the same botnet hit its Azure network with a massive 15 Tbps DDoS attack launched from 500,000 IP addresses.
Cloudflare reports that it mitigated 2,867 Aisuru attacks since the beginning of the year, almost 45% of them being hyper-volumetric - attacks that exceed 1 Tbps or 1 billion packets per second (Bpps).
The internet company did not name the target of the record-breaking incident, but notes that the attack lasted 69 seconds and peaked at 29.7 Tbps. It used UDP carpet-bombing to direct “garbage” traffic to an average of 15,000 destination ports per second.

Graph from the record-breaking Aisuru attackSource: Cloudflare
Another massive DDoS attack that the company mitigated reached 14.1 Bpps.
Cloudflare says that Aisuru attacks can be so devastating that the amount of traffic can disrupt internet service providers (ISPs), even if they are not directly targeted.
"If Aisuru’s attack traffic can disrupt parts of the US’ Internet infrastructure when said ISPs were not even the target of the attack, imagine what it can do when it’s directly aimed at unprotected or insufficiently protected ISPs, critical infrastructure, healthcare services, emergency services, and military systems," Cloudflare says.
Rise in hyper-volumetric attacks
Statistical data from Cloudflare shows that hyper-volumetric DDoS attacks from the Aisuru botnet are rising steadily this year, reaching 1,304 incidents in Q3 alone.
According to the researchers, Aisuru is targeting companies in various sectors, including gaming, hosting providers, telecommunications, and financial services.

Hypervolumetric DDoS attacks per quarterSource: Cloudflare
DDoS attacks exceeding 100 Mpps increased by 189% QoQ, and those exceeding 1 Tbps more than doubled (227%) QoQ.
Most attacks end in less than 10 minutes, according to Cloudflare, leaving defenders and on-demand services little time to respond.
“A short attack may only last a few seconds, but the disruption it causes can be severe, and recovery takes far longer,” explained Cloudflare.
“Engineering and operational teams are then stuck with a complex, multi-step process to get critical systems back online, check data for consistency across distributed systems, and restore secure, reliable service to customers.”
In terms of the number of DDoS attacks, this past quarter wasn’t at the level of Q1, but 2025 continues to be far more severe than the past years, and even without November and December having been accounted for yet.

Number of DDoS attacks as of October 2025Source: Cloudflare
Cloudflare says that in Q3 it mitigated an average of 3,780 DDoS attacks every hour, most coming from Indonesia, Thailand, Bangladesh, and Ecuador, and targeting China, Turkey, Germany, Brazil, and the United States.

Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Get the guide

Related Articles:
Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attackMicrosoft: Azure hit by 15 Tbps DDoS attack using 500,000 IP addressesNew Eleven11bot botnet infects 86,000 devices for DDoS attacksFrench Football Federation discloses data breach after cyberattackGreyNoise launches free scanner to check if you're part of a botnet

Aisuru
Botnet
Cyberattack
DDoS
Distributed Denial-of-Service
Internet

Bill Toulas
Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Previous Article
Next Article

Popular Stories

ChatGPT is down worldwide, conversations disappeared for users

Marquis data breach impacts over 74 US banks, credit unions

North Korea lures engineers to rent identities in fake IT worker scheme

Sponsor Posts

Overdue a password health-check? Audit your Active Directory for free

Empowering IT teams with intelligence driven cyber threat research.

AI is a data-breach time bomb: Read the new report

Hackers love the holidays! Share FREE Security Awareness Training to keep family & friends cyber-safe!

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Username

Password

Remember Me

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

The Aisuru botnet achieved a new record in December 2025, launching a distributed denial-of-service (DDoS) attack peaking at 29.7 terabits per second (Tbps). This attack, orchestrated by the commercially available Aisuru botnet-for-hire service, represents a significant escalation in DDoS attack capabilities. Cloudflare, a leading DDoS mitigation provider, successfully mitigated the attack, demonstrating the ongoing challenge posed by these types of threats.

Prior to this record-breaking incident, Aisuru had already been identified as a prolific source of DDoS attacks, utilizing a network of compromised routers and Internet of Things (IoT) devices. Cloudflare reported mitigating approximately 2,867 Aisuru attacks since the beginning of the year, with nearly 45% of those classified as “hyper-volumetric,” exceeding 1 terabit per second (Tbps). This trend of increasingly large and complex DDoS attacks has been steadily rising throughout 2025.

The attack on December 3rd, 2025, demonstrated a key characteristic of Aisuru’s operations: the utilization of UDP carpet-bombing, a technique that directed massive amounts of “garbage” traffic towards an average of 15,000 destination ports per second. This approach, according to Cloudflare, overwhelms target systems, disrupting services and potentially causing widespread network instability. The attack lasted 69 seconds, and was successfully mitigated, but highlights the potential vulnerability of infrastructure and sensitive systems.

Statistical data from Cloudflare revealed a troubling rise in hyper-volumetric attacks originating from the Aisuru botnet. In the third quarter of 2025 alone, there were 1,304 incidents, a significant increase compared to previous quarters. Notably, attacks exceeding 100 million packets per second (Mpps) increased by 189% quarter-over-quarter (QoQ), and those exceeding 1 Tbps more than doubled (227%) QoQ. These evolving attack patterns underscore the need for robust mitigation strategies.

The majority of Aisuru attacks concluded within 10 minutes, leaving limited time for defensive responses. Cloudflare emphasizes that such short attacks pose a severe risk, demanding swift and comprehensive recovery processes. The ensuing disruption and subsequent restoration efforts, including examining data for consistency across distributed systems and re-establishing secure service, can be a lengthy and complex undertaking by engineering and operational teams.

Geographically, Cloudflare observed that the majority of Aisuru attacks originated from Indonesia, Thailand, Bangladesh, and Ecuador, targeting China, Turkey, Germany, Brazil, and the United States. This distribution highlights the global reach and potential impact of such botnets. The significant increase in attacks in Q3 2025 compared to Q1 2025 shows that these attacks are continuing to escalate in both the volume and their sophistication, demonstrating the ongoing need for enhanced cybersecurity measures.