In late 2025, Cloudflare quietly made history—not for something it built, but for something it stopped. The company revealed that it had detected and mitigated the largest recorded distributed denial-of-service (DDoS) attack to date, peaking at an astonishing 29.7 terabits per second (Tbps). To put that into perspective, this single attack was powerful enough to overwhelm the entire bandwidth capacity of many countries.

While the attack lasted only 69 seconds, it underscored a bigger, more troubling trend: DDoS attacks are becoming larger, faster, and far more automated than what we faced even a few years ago.

The Rise of AISURU: A Botnet-for-Hire on a Global Scale

The attack was traced back to AISURU, a DDoS-as-a-service botnet that has been making waves within the cybersecurity community. AISURU isn't your typical botnet hiding in the shadows. Analysts believe it operates through a massive global infection network ranging from 1 to 4 million compromised devices—smart home gadgets, servers, cameras, and anything else hijackable.

Throughout 2025, AISURU has been behind a series of hyper-volumetric attacks, hammering industries such as:

Cloudflare noted that the same botnet also launched a 14.1 billion-packets-per-second (Bpps) attack—another staggering figure even by today's hardened standards.

How the 29.7 Tbps Attack Worked

The attackers used a technique known as UDP carpet bombing, where enormous floods of data overwhelm wide ranges of ports simultaneously. In this case, more than 15,000 destination ports per second were hit.

Cloudflare engineers Omer Yoachimik and Jorge Pacheco explained that AISURU also randomized packet attributes to confuse automated filters and slip past conventional defenses. This tactic is one of the reasons hyper-volumetric attacks are becoming harder to detect and mitigate in real time.

The Bigger Picture: DDoS Attacks Are Accelerating Worldwide

What makes this record-setting incident even more concerning is how it fits into a broader trend. Throughout 2025, Cloudflare reported:

And the number of extreme high-volume attacks keeps climbing. For example, attacks surpassing 100 million packets per second spiked by nearly 189% quarter-over-quarter.

Most attacks, however, were short-lived—less than 10 minutes—a characteristic of modern automated DDoS campaigns designed to overwhelm defenses before mitigation tools can fully react.

Where the Attacks Are Coming From

Out of the top 10 sources of DDoS traffic in Q3 2025, seven were located in Asia, including:

The remaining hotspots included Russia, Ukraine, and Ecuador.

Many of these regions have large numbers of unsecured devices, which makes them fertile ground for botnet operators looking to scale quickly.

Industries Hit the Hardest in 2025

While tech companies are always among the most targeted, 2025 brought several shifts in attacker focus:

The diversity of industries affected shows that attackers are moving beyond traditional targets and hitting organizations that rely heavily on always-online services.

The Global Impact: Which Countries Are Being Targeted Most?

The most attacked countries in 2025 include:

These regions combine high connectivity, digital economies, and large user bases—prime targets for both disruption and extortion.

A New Era of DDoS: Bigger, Faster, More Sophisticated

Cloudflare summed it up best:

The cybersecurity industry is now dealing with attacks that can spike from zero to multi-terabit levels in seconds, powered by millions of infected devices spread across the globe. These are no longer amateur operations; they are industrial-scale, algorithm-driven, and often highly coordinated.

For organizations, this means one thing: traditional defenses are no longer enough. Modern DDoS attacks demand automated, predictive, and globally distributed mitigation systems—exactly the kind of infrastructure that allowed Cloudflare to contain this record-breaking assault.