Cloudflare Stops Unprecedented 29.7 Tbps DDoS Attack in Record-Breaking Cyber Assault

Marty Olo

12/4/2025

Cloudflare stops massive DDoS attack

Credit: Cloudflare

Introduction

Distributed denial-of-service (DDoS) attacks continue to grow in both frequency and scale, but a recent incident has pushed the limits of what was previously considered possible. In the third quarter of 2025, Cloudflare confirmed it successfully mitigated the largest publicly recorded DDoS attack to date, peaking at 29.7 terabits per second (Tbps).

Although the attack lasted just over a minute, it represents a major escalation in attacker capabilities and highlights how rapidly the DDoS threat landscape is evolving. This article breaks down what happened, how Cloudflare stopped it, and why this event matters for organizations and the broader internet.

What Happened: A Record-Setting DDoS Attack

According to Cloudflare’s Q3 2025 DDoS Threat Report, the attack reached a peak volume of 29.7 Tbps and lasted approximately 69 seconds.

The traffic originated from a large botnet known as Aisuru, which Cloudflare estimates consists of between one and four million compromised devices worldwide. These devices reportedly include unsecured routers, Internet of Things (IoT) hardware, and other poorly protected systems that had been infected and remotely controlled.

Attack Technique Used

The attackers relied on a UDP-based “carpet-bombing” technique, which involves:

  • Flooding massive volumes of packets simultaneously

  • Targeting approximately 15,000 destination ports per second

  • Using randomized traffic patterns to complicate filtering

This approach is designed to overwhelm networks while evading static defenses that expect traffic to target a small set of ports or protocols.
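The port-spreading behaviour described above can be detected by aggregating per destination prefix instead of per port. The following is an added example, not Cloudflare's mitigation logic or code from the report: the flow-record tuple format, the thresholds, and the sample traffic (constructed, using the 198.51.100.0/24 documentation range) are all assumptions.

```python
import ipaddress
import random
from collections import defaultdict

# Flow record (assumed format): (second, dst_ip, dst_port, proto, bytes)

def detect_port_spray(flows, prefix_len=24, min_ports=1000, min_bytes=5_000_000):
    """Flag one-second windows where UDP traffic to a destination prefix is
    spread across many ports and large in aggregate (illustrative thresholds)."""
    ports = defaultdict(set)      # (second, prefix) -> distinct dst ports
    total = defaultdict(int)      # (second, prefix) -> bytes
    per_port = defaultdict(int)   # (second, prefix, port) -> bytes
    for ts, dst_ip, dst_port, proto, nbytes in flows:
        if proto != "udp":
            continue
        net = ipaddress.ip_network(f"{dst_ip}/{prefix_len}", strict=False)
        key = (int(ts), str(net))
        ports[key].add(dst_port)
        total[key] += nbytes
        per_port[key + (dst_port,)] += nbytes
    busiest = defaultdict(int)    # (second, prefix) -> bytes on its busiest port
    for (ts, net, _port), nbytes in per_port.items():
        busiest[(ts, net)] = max(busiest[(ts, net)], nbytes)
    return [{"second": key[0], "prefix": key[1],
             "distinct_ports": len(ports[key]), "bytes": total[key],
             "busiest_port_bytes": busiest[key]}
            for key in sorted(total)
            if len(ports[key]) >= min_ports and total[key] >= min_bytes]

def static_per_port_rule(flows, limit_bytes=1_000_000):
    """Static per-host, per-port byte cap: the kind of rule port spraying slips under."""
    usage = defaultdict(int)
    for ts, dst_ip, dst_port, _proto, nbytes in flows:
        usage[(int(ts), dst_ip, dst_port)] += nbytes
    return sorted(k for k, v in usage.items() if v > limit_bytes)

def sample_flows(seed=7):
    """Constructed records: steady DNS/QUIC traffic plus one second of port spray."""
    rng = random.Random(seed)
    flows = [(s, "198.51.100.10", p, "udp", 40_000) for s in (0, 1, 2) for p in (53, 443)]
    flows += [(1, f"198.51.100.{rng.randrange(1, 255)}", port, "udp", 1_200)
              for port in rng.sample(range(1024, 65536), 15_000)]
    return flows

if __name__ == "__main__":
    data = sample_flows()
    print("static rule hits:", static_per_port_rule(data))
    for alert in detect_port_spray(data):
        print(alert)
```

On the sample data the per-port cap never fires, because no single port carries more than 40 KB in a second, while the prefix-level view flags the one second in which roughly 15,000 ports were hit.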

Why This Attack Is a Major Milestone

The 29.7 Tbps flood did not occur in isolation. Throughout 2025, Cloudflare and other providers reported a steady escalation in DDoS attack volumes:

  • 7.3 Tbps attack mitigated in mid-2025

  • 11.5 Tbps attack recorded in September 2025

  • 22.2 Tbps attack later that same month

The latest event more than doubled the previous peak, underscoring how quickly attacker infrastructure is scaling.

Key DDoS Trends in 2025

Cloudflare’s Q3 report also revealed:

  • An average of 3,780 DDoS attacks mitigated every hour during the quarter

  • 36.2 million total DDoS attacks mitigated in 2025, representing 170% of all attacks mitigated in 2024

These figures illustrate a rapidly intensifying DDoS arms race, driven by massive botnets, insecure IoT devices, and increasingly automated attack tools.

How Cloudflare Defended Against the Attack

One notable aspect of this incident is that Cloudflare’s automated defenses mitigated the attack without manual intervention. The company’s globally distributed network absorbed and filtered the traffic before it could impact the targeted service.

Why Automated Defense Matters

The attack combined:

  • Extremely high bandwidth

  • Large packet-per-second rates

  • Rapid port randomization

Traditional, manually tuned defenses often struggle against this type of behavior. Cloudflare’s mitigation relied on real-time traffic analysis, anomaly detection, and scalable scrubbing infrastructure designed specifically for hyper-volumetric attacks (generally defined as exceeding 1 Tbps).

What We Know — and What Remains Unknown

Confirmed Details

  • Botnet: Aisuru, estimated at 1–4 million infected devices

  • Attack type: UDP flood with multi-port “carpet-bombing”

  • Peak volume: 29.7 Tbps

  • Duration: 69 seconds

  • Outcome: Successfully mitigated

It is also clear that 2025 has seen a sharp rise in both the size and frequency of high-volume DDoS attempts.

Undisclosed Information

  • The identity of the targeted organization

  • The attackers’ motive, such as disruption, extortion, or testing capabilities

  • Whether the attack was part of a broader or multi-stage campaign

Cloudflare did not report any secondary impacts beyond traffic flooding.

Why This Matters Beyond One Incident

This event signals a shift in the baseline threat level for internet-facing services.

For Businesses and Service Providers

Organizations that rely on cloud platforms, hosting services, APIs, or public-facing applications may find that defenses once considered sufficient are no longer adequate. Manual mitigation strategies and limited-capacity appliances may struggle against attacks of this scale.

For IoT Security

The continued use of insecure IoT devices as botnet infrastructure highlights a persistent issue: unmanaged and poorly secured hardware remains a major contributor to global cyber threats. Consumer and enterprise IoT hygiene plays a direct role in internet-wide security.

For the Internet Ecosystem

Extremely large DDoS attacks can cause collateral disruption, including network congestion and degraded service for downstream providers. Previous large-scale floods have already demonstrated that such attacks can impact more than just the intended target.

What to Watch Next

Given the pace of escalation, it is unlikely that this will be the final record-breaking DDoS attack.

Key developments to monitor include:

  • Larger or more frequent hyper-volumetric attacks

  • Increased targeting of critical infrastructure and cloud services

  • Greater use of automation and protocol-aware evasion techniques

Defensive Steps Organizations Should Consider

  • Securing IoT and network devices with updated firmware and strong credentials

  • Using scalable, automated DDoS mitigation services

  • Implementing rate-limiting and anomaly detection at the network edge

  • Regularly reassessing exposure and resilience against volumetric threats

Final Thoughts

The mitigation of a 29.7 Tbps DDoS attack represents both a technical success and a warning. While providers like Cloudflare have demonstrated the ability to absorb attacks of unprecedented size, the underlying threat continues to grow.

This incident marks a new chapter in the DDoS arms race. As attacker capabilities expand, organizations must assume that extreme-scale attacks are no longer hypothetical — they are part of the modern internet threat landscape.