Cloudflare Stops Record 29.7 Tbps Ddos Attack

cloudflare stops record 29.7 tbps ddos attack

Cloudflare says it has automatically blocked the largest distributed denial-of-service (DDoS) attack ever recorded, a 29.7 terabits per second (Tbps) barrage launched by the Aisuru botnet in the third quarter of 2025. The hyper‑volumetric assault, which lasted just over a minute and used a carpet bombing technique, was mitigated without downtime for the unnamed customer, according to the company’s latest DDoS threat report.​

What Cloudflare Says Happened

In its Q3 2025 DDoS Threat Report, Cloudflare disclosed that its systems detected and mitigated a network‑layer attack that peaked at 29.7 Tbps and around 14.1 billion packets per second. The company did not name the target but said the incident occurred in Q3 and was handled entirely by its automated defenses.​

Cloudflare describes the incident as a UDP carpet‑bombing attack that flooded an average of about 15,000 destination ports every second with randomized traffic in an effort to bypass traditional filters. Despite the unprecedented volume, the company reports that the assault lasted only about 69 seconds before subsiding, a pattern consistent with many modern DDoS bursts that are short but extremely intense.​

Key facts on the 29.7 Tbps attack

Metric Detail
Peak bandwidth 29.7 Tbps, the highest publicly reported DDoS volume to date ​
Peak packet rate About 14.1 billion packets per second (Bpps) ​
Duration Approximately 69 seconds ​
Attack method UDP carpet‑bombing to ~15,000 destination ports per second ​
Target Not publicly disclosed by Cloudflare ​
Mitigation Fully automated by Cloudflare’s DDoS protection systems ​

Aisuru Botnet Behind the Record Attack

Cloudflare attributes the attack to Aisuru, a large DDoS botnet‑for‑hire that has been active throughout 2025 and is linked to multiple multi‑terabit incidents. Security researchers estimate that Aisuru may control between one million and four million compromised devices, including routers and other internet‑connected hardware around the world.​

Reports indicate that Aisuru’s operators and resellers offer parts of the botnet as a commercial service, enabling paying customers to launch powerful DDoS campaigns for fees ranging from a few hundred to a few thousand dollars. The botnet has been used against telecom carriers, gaming platforms, hosting providers, financial institutions and even core U.S. internet infrastructure, sometimes causing collateral congestion beyond the intended victim.​

Aisuru botnet at a glance

Attribute Detail
Estimated size Roughly 1–4 million infected devices ​
Business model Sold in chunks as DDoS‑for‑hire service ​
Typical targets Telecoms, gaming, hosting, finance, infrastructure ​
Notable recent events 29.7 Tbps attack on Cloudflare customer; 15.72 Tbps against Azure; multi‑Tbps flood against Gcore ​
Geographic footprint Global, with activity observed against U.S. and European networks ​

Part of a Surge in Hyper‑Volumetric DDoS

Cloudflare stresses that the 29.7 Tbps incident is not an isolated case but part of a broader escalation in DDoS firepower during 2025. In Q3 alone, the company says it mitigated 1,304 hyper‑volumetric attacks from Aisuru—campaigns that exceed either 1 Tbps in bandwidth or 1 billion packets per second.​

Since the start of 2025, Cloudflare reports neutralizing 2,867 Aisuru‑linked attacks, with hyper‑volumetric incidents rising 54% quarter‑on‑quarter and averaging around 14 per day. Overall, DDoS events exceeding 1 Tbps have more than doubled, increasing by about 227% compared with the previous quarter, while network‑layer attacks over 100 million packets per second grew by 189%.​

Q3 2025 DDoS trends reported by Cloudflare

Indicator Q3 2025 figure / change
Aisuru attacks in 2025 2,867 total since January ​
Aisuru hyper‑volumetric attacks (Q3) 1,304 incidents over 1 Tbps or 1 Bpps ​
Hyper‑volumetric attack growth 54% quarter‑on‑quarter increase ​
Attacks > 1 Tbps 227% quarter‑on‑quarter increase ​
Attacks > 100 million pps 189% quarter‑on‑quarter increase ​
Previous Cloudflare record 7.3 Tbps attack blocked in May 2025 ​

Sectors Most at Risk from Aisuru and Similar Botnets

According to Cloudflare and independent security reports, Aisuru’s operators repeatedly focus on industries where uptime is critical and bandwidth is high, such as telecom networks, online gaming, cloud hosting and financial services. Attacks on these sectors can disrupt consumer connectivity, delay online transactions or temporarily knock popular services offline, even if core backbone networks remain stable.​

Cloudflare’s latest threat data also highlights fast‑rising DDoS traffic aimed at emerging technology companies, including firms developing artificial intelligence tools, as well as organizations in the mining, metals and automotive supply chains. The company links some of the recent spikes in attacks on industrial and automotive targets to ongoing trade tensions between the European Union and China.​

Sectors highlighted in recent reports

Sector / target type Observed impact or trend
Telecommunications Repeated Aisuru targeting; risk of connectivity disruptions ​
Gaming platforms High‑traffic services hit by multi‑Tbps floods ​
Hosting & cloud Attacks against infrastructure providers like Gcore and cloud platforms ​
Financial services Exposure through online banking and trading systems ​
AI and tech firms 347% month‑on‑month DDoS traffic spike reported for AI sector ​
Mining, metals, auto Increased targeting amid EU‑China trade frictions ​

Why Short, Massive Attacks Are Hard to Handle

Security analysts note that many modern DDoS campaigns are extremely short but extremely large, leaving little time for manual response. Cloudflare’s data shows that most network‑layer attacks end within 10 minutes, yet clean‑up and service recovery can take much longer once routers, applications or upstream links have been overwhelmed.​

The Aisuru botnet’s use of randomised packet attributes and wide‑spread targeting across thousands of ports demonstrates a shift away from simple, single‑target floods towards more distributed stress on networks. This carpet‑bombing style forces defenders to rely on automated, real‑time analysis at scale rather than static filters or purely on‑premise scrubbing appliances.​

How hyper‑volumetric DDoS attacks behave

Characteristic Description
Duration Often seconds to a few minutes, but with very high peaks ​
Technique Randomised, multi‑port floods or protocol abuse ​
Operational challenge Minimal time for human intervention during peak ​
Recovery Can require extended checks and restarts after the flood ​

How Organisations Can Strengthen Their Defences

For organisations that rely on internet‑facing services, the latest figures from Cloudflare underline the need for always‑on, automated DDoS protection rather than purely reactive measures. Building resilience typically involves using upstream scrubbing or content delivery networks, distributing services across multiple locations and ensuring capacity headroom to absorb sudden traffic spikes.

Experts also recommend having a tested incident‑response plan that includes clear escalation paths, predefined thresholds for mitigation and coordination with upstream providers. Regular monitoring, logging and anomaly detection can help security teams identify unusual patterns early, even when attacks last only a few seconds.

At the device level, reducing the pool of systems that attackers can hijack is another long‑term priority. Keeping routers, IoT equipment and edge devices updated, disabling unnecessary remote access and enforcing strong authentication can make it harder for botnets like Aisuru to keep growing.

Practical defensive steps for enterprises

Area Recommended focus
Network architecture Use anycast, CDNs and upstream scrubbing where possible
Monitoring Continuous traffic analysis and automated anomaly detection
Response planning Documented runbooks and regular DDoS drills
Endpoint hygiene Patch routers/IoT, close unused ports, harden remote access
Vendor coordination Align with ISPs, cloud providers and security partners

What This Record Attack Means Next

The 29.7 Tbps Aisuru attack sets a new visible ceiling on DDoS volume and suggests that well‑resourced botnets can now generate traffic far beyond what many legacy networks were designed to withstand. At the same time, Cloudflare’s ability to mitigate the incident automatically, without naming customer impact, shows how cloud‑scale defenses are evolving to meet these extremes.​

However, with thousands of Aisuru‑linked attacks already recorded this year and quarter‑on‑quarter surges in multi‑terabit events, security specialists warn that similar incidents are likely to continue. For governments, regulators and infrastructure operators, the figures are likely to intensify debates over minimum resilience standards, cross‑border cooperation and the security of consumer devices that silently power these giant botnets.


Subscribe to Our Newsletter

Related Articles

Top Trending

SEO Tactics For Service Businesses
7 SEO Tactics For Service Businesses
environment impact of plant-based diet featured image. Plant based meal with legumes, grains, vegetables, and a globe showing the environmental value of sustainable food choices.
The Environment Impact of Plant-Based Diet Choices
Self-Hosting AI Costs
Self-Hosting AI Looks Cheap Until You Become the Vendor
Educational YouTube Channels for Homeschool Learning featured image. Parent guides a child using an educational video with notes and learning tools, showing active homeschool study rather than passive screen time.
13 Educational YouTube Channels for Homeschool Living Rooms
best apps toddlers
9 Best Apps for Toddlers Ages 2–4 for Learning and Play

Fintech & Finance

Higher 401k Limits Retirement Savers
What Do Higher 401(k) Limits Mean for Retirement Savers in 2026?
ELSS SIP Calculator
ELSS SIP Calculator: Tax Saving + Wealth Building Explained
Tracking Small-Cap Stocks on Fintechzoom.com Russell 2000
Fintechzoom.com Russell 2000: The Complete Guide to Tracking Small-Cap Stocks in 2026
Organizational Bottlenecks and How to Address Them
10 Organizational Bottlenecks: Here’s How to Address Them
Why more Indians are Taking a Rs 50000 Personal Loan for Emergencies and Short-term Needs
Why more Indians are Taking a Rs 50000 Personal Loan for Emergencies and Short-term Needs

Sustainability & Living

environment impact of plant-based diet featured image. Plant based meal with legumes, grains, vegetables, and a globe showing the environmental value of sustainable food choices.
The Environment Impact of Plant-Based Diet Choices
Swedish supply chain traceability platforms
6 Swedish Supply Chain Traceability Platforms Transforming Global Industries
Local Climate Actions
11 Local Climate Actions That Compound Beyond One Household
Plastic-Free Grocery Swaps
8 Plastic-Free Grocery Shopping Swaps That Actually Work
Sustainable Bathroom Swaps
11 Sustainable Bathroom Swaps for a Waste-Free Routine

GAMING

Mortdog left Riot Games
Mortdog Leaves Riot Games: Is This the End of TFT as We Know It?
Quality Assurance & Game Testing
Top 10 Gaming SMEs Specializing in Quality Assurance & Game Testing in India
$70 Game Deals
Why $70 Game Deals Are Mostly Never Worth It
why AAA games look the same
Why AAA Games Look the Same Even When They Cost More Than Ever
Foullrop85j.08.47h Gaming
Foullrop85j.08.47h Gaming: What It Really Is and Why You Should Be Skeptical

Business & Marketing

Best Founder Resources
23 Best Founder Resources: A Practical Guide for Early-Stage Startups
Best Free Courses Aspiring Founders
The 7 Best Free Courses Aspiring Founders Should Take Before Building
best templates founders
11 Best Templates Founders Need to Build Smarter
Enter a new country without legal entity
The Fastest Way to Enter a New Country Without Establishing a Legal Entity
Promotional talent live events
How Promotional Talent Helps Brands Make an Impact at Live Events

Technology & AI

SEO Tactics For Service Businesses
7 SEO Tactics For Service Businesses
Self-Hosting AI Costs
Self-Hosting AI Looks Cheap Until You Become the Vendor
launch tactics tight budget
7 Launch Tactics on a Tight Budget for Indie SaaS Teams
SEO tactics SaaS
11 SEO Tactics Specific to SaaS Teams That Want Qualified Traffic, Not Empty Visits
best newsletters SaaS founders
11 Best Newsletters SaaS Founders Should Read for Growth

Fitness & Wellness

A Complete Guide on TheLifestyleEdge com
The Lifestyle Edge: Your Complete Guide to Wellness and Modern Living
Stretching Accessories That Make a Difference
7 Stretching Accessories That Make a Difference for Flexibility, Mobility, and Recovery
air quality wellness devices
13 Air Quality and Wellness Devices Worth Considering for a Healthier Home
habits reduce stress
7 Habits That Reduce Stress Long Term and Feel Calmer Daily
habits better focus
11 Habits for Better Focus That Actually Work