Today, Cloudflare posted its 2025 Q3 DDoS threat report highlighting Aisuru, “the apex of botnets”.
“The third quarter of 2025 was overshadowed by the Aisuru botnet with a massive army of an estimated 1–4 million infected hosts globally. Aisuru unleashed hyper-volumetric DDoS attacks routinely exceeding 1 terabit per second (Tbps) and 1 billion packets per second (Bpps).
“The number of these attacks surged 54% quarter-over-quarter (QoQ), averaging 14 hyper-volumetric attacks daily. The scale was unprecedented, with attacks peaking at 29.7 Tbps and 14.1 Bpps,” the blog reads.
The massive network of compromised IoT devices and routers has conducted more than 1,300 DDoS attacks over the past few months. Its latest major strike reached a staggering peak bandwidth of 29.7 Tbps, setting a new world record for volumetric DDoS attacks.
The attack lasted only about 69 seconds and during that time it sent junk traffic to tens of thousands of destination ports per second, referred to as a “UDP carpet-bombing” method, overwhelming target infrastructure.
Lydia Zhang, President & Co-Founder, Ridge Security Technology Inc. had this to say:
“The ironic thing is that organizations often don’t realize their IoT devices or routers have been compromised until a DDoS attack occurs.
“Routine security hygiene is essential: staying on top of issues, patching vulnerabilities, and quarantining problematic assets daily or weekly.
“Once a collection of ‘individually compromised devices’ turns into an entire ‘army,’ it becomes too late and nearly impossible to regain control.”
Noelle Murata, Sr. Security Engineer, Xcape, Inc. follows with this comment:
“The recent record-breaking 29.7 Tbps attack by the Aisuru botnet signals a dangerous evolution in cyber warfare. DDoS attacks and large botnets have been a favorite tool used by cybercriminals; these tactics have grown in sophistication, now employing complex “carpet bombing” techniques to evade detection.
“The number and size of these botnets have grown, exacerbated by the proliferation of IoT devices like routers and cameras. The sheer number of IoT devices exposed to the Internet and their generally poor security capabilities make the population of potential botnet devices immeasurable; Aisuru alone controls up to 4 million hosts.
“Think of this scenario like a manufacturer selling millions of cheap, remote-controlled toasters. Individually, they simply toast bread. However, because they lack safety switches or locks, a saboteur can hack them to activate simultaneously, creating a massive power surge that melts the city’s entire electrical grid. The grid fails not because of a defect, but because common appliances were weaponized en masse.
“This should be a call-to-action for IoT device manufacturers to treat their products as not just purpose-built for a single task, but also as devices worth protecting.
“We cannot allow consumer convenience to arm global threat actors.”
Michael Bell, Founder & CEO, Suzu Labs had this comment:
“A 29.7 Tbps attack from 1-4 million compromised IoT devices available as botnet-for-hire for a few thousand dollars means nation-state-level disruption capability is now accessible to anyone with a credit card.
“The most alarming detail in Cloudflare’s report is that Aisuru’s traffic caused “widespread collateral Internet disruption” in the US when ISPs weren’t even the target, which means attacks aimed at critical infrastructure, healthcare, or emergency services could have cascading effects we haven’t fully modeled.
“Organizations need to stop treating DDoS protection as optional and recognize that the 69-second attack duration means human response is impossible: you either have autonomous, always-on mitigation or you’re offline before anyone can react.”
This report from Cloudflare should not be ignored as it shows how increasingly dangerous DDoS attacks have become. Which means you need to read it and defend yourself accordingly.
Like this:
Like Loading...
Related
This entry was posted on December 3, 2025 at 1:03 pm and is filed under Commentary with tags Cloudflare. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Aisuru, “the apex of botnets”, 29.7 Tbps DDoS attack highlighted by Cloudflare
Today, Cloudflare posted its 2025 Q3 DDoS threat report highlighting Aisuru, “the apex of botnets”.
“The third quarter of 2025 was overshadowed by the Aisuru botnet with a massive army of an estimated 1–4 million infected hosts globally. Aisuru unleashed hyper-volumetric DDoS attacks routinely exceeding 1 terabit per second (Tbps) and 1 billion packets per second (Bpps).
“The number of these attacks surged 54% quarter-over-quarter (QoQ), averaging 14 hyper-volumetric attacks daily. The scale was unprecedented, with attacks peaking at 29.7 Tbps and 14.1 Bpps,” the blog reads.
The massive network of compromised IoT devices and routers has conducted more than 1,300 DDoS attacks over the past few months. Its latest major strike reached a staggering peak bandwidth of 29.7 Tbps, setting a new world record for volumetric DDoS attacks.
The attack lasted only about 69 seconds and during that time it sent junk traffic to tens of thousands of destination ports per second, referred to as a “UDP carpet-bombing” method, overwhelming target infrastructure.
Lydia Zhang, President & Co-Founder, Ridge Security Technology Inc. had this to say:
“The ironic thing is that organizations often don’t realize their IoT devices or routers have been compromised until a DDoS attack occurs.
“Routine security hygiene is essential: staying on top of issues, patching vulnerabilities, and quarantining problematic assets daily or weekly.
“Once a collection of ‘individually compromised devices’ turns into an entire ‘army,’ it becomes too late and nearly impossible to regain control.”
Noelle Murata, Sr. Security Engineer, Xcape, Inc. follows with this comment:
“The recent record-breaking 29.7 Tbps attack by the Aisuru botnet signals a dangerous evolution in cyber warfare. DDoS attacks and large botnets have been a favorite tool used by cybercriminals; these tactics have grown in sophistication, now employing complex “carpet bombing” techniques to evade detection.
“The number and size of these botnets have grown, exacerbated by the proliferation of IoT devices like routers and cameras. The sheer number of IoT devices exposed to the Internet and their generally poor security capabilities make the population of potential botnet devices immeasurable; Aisuru alone controls up to 4 million hosts.
“Think of this scenario like a manufacturer selling millions of cheap, remote-controlled toasters. Individually, they simply toast bread. However, because they lack safety switches or locks, a saboteur can hack them to activate simultaneously, creating a massive power surge that melts the city’s entire electrical grid. The grid fails not because of a defect, but because common appliances were weaponized en masse.
“This should be a call-to-action for IoT device manufacturers to treat their products as not just purpose-built for a single task, but also as devices worth protecting.
“We cannot allow consumer convenience to arm global threat actors.”
Michael Bell, Founder & CEO, Suzu Labs had this comment:
“A 29.7 Tbps attack from 1-4 million compromised IoT devices available as botnet-for-hire for a few thousand dollars means nation-state-level disruption capability is now accessible to anyone with a credit card.
“The most alarming detail in Cloudflare’s report is that Aisuru’s traffic caused “widespread collateral Internet disruption” in the US when ISPs weren’t even the target, which means attacks aimed at critical infrastructure, healthcare, or emergency services could have cascading effects we haven’t fully modeled.
“Organizations need to stop treating DDoS protection as optional and recognize that the 69-second attack duration means human response is impossible: you either have autonomous, always-on mitigation or you’re offline before anyone can react.”
This report from Cloudflare should not be ignored as it shows how increasingly dangerous DDoS attacks have become. Which means you need to read it and defend yourself accordingly.
Share this:
Like this:
Related
This entry was posted on December 3, 2025 at 1:03 pm and is filed under Commentary with tags Cloudflare. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.