
Cloudflare Stops Unprecedented 29.7 Tbps DDoS Attack in Record-Breaking Cyber Assault

Marty Olo

12/4/2025


What happened — record-setting attack
  • In Q3 2025, Cloudflare said it successfully stopped the largest distributed denial-of-service (DDoS) attack ever publicly recorded — with a peak traffic of 29.7 terabits per second (Tbps).

  • The attack lasted 69 seconds.

  • The source was identified as a massive botnet known as Aisuru. Cloudflare estimates Aisuru comprises between 1 and 4 million infected devices worldwide — things like unsecured routers, “Internet of Things” (IoT) devices, and other compromised hardware.

  • Attackers used a UDP “carpet-bombing” technique: flooding large numbers of packets, targeting approximately 15,000 destination ports per second to overwhelm defenses and make filtering harder.

Why this is a big deal: the arms race keeps escalating
  • Before this 29.7 Tbps event, Cloudflare had already mitigated a series of record-breaking DDoS attacks in 2025: 7.3 Tbps (mid-2025), then 11.5 Tbps (September 2025), then 22.2 Tbps (also September), showing how rapidly DDoS volumes are rising.

  • The 29.7 Tbps attack more than doubled the 7.3 Tbps and 11.5 Tbps peaks from earlier in 2025, and illustrates that attack infrastructure and capabilities (botnets, IoT compromises, automated flooding) are scaling enormously.

  • According to Cloudflare’s Q3 2025 report:

    • They mitigated an average of 3,780 DDoS attacks every hour during the quarter.

    • In total, by that point in 2025 they had already mitigated 36.2 million DDoS attacks, amounting to 170% of the total number of attacks they defended against in all of 2024.

  • This illustrates a rapidly escalating “DDoS arms race.” Attackers are evolving faster — using massive botnets, exploiting insecure IoT devices, and launching hyper-volumetric attacks — requiring defenses to evolve just as fast.

How Cloudflare defended — what worked
  • Cloudflare’s automated defenses were enough to detect and mitigate the attack — without manual intervention. That means their network and scrubbing infrastructure absorbed the flood and protected the victim’s IP or service.

  • The attack’s method — UDP flooding with randomized packets and targeting many ports — is a common “volumetric + port-exhaustion” approach. By flooding many ports per second, attackers try to evade traditional static filters or defenses that assume simpler attack patterns.

  • Cloudflare’s report suggests the mitigation was part of a suite of defenses against “hyper-volumetric” attacks (attacks exceeding 1 Tbps or large packet-per-second rates), showing that modern DDoS protection must handle extremely high volume, high speed, and smart evasion techniques.
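The following is an added example, not taken from Cloudflare's report or from this article. It shows why a static per-port packet limit misses the many-port UDP flood described above, while a per-destination count of distinct ports catches it. The flow tuple layout, both thresholds, and all addresses are constructed assumptions.

```python
from collections import defaultdict

def per_port_rule_hits(flows, pkts_per_port_limit):
    """Static rule: flag (dst, port, second) when one port exceeds a packet rate."""
    counts = defaultdict(int)
    for ts, _src, dst, proto, dport, _nbytes in flows:
        if proto == "udp":
            counts[(dst, dport, int(ts))] += 1
    return {key for key, n in counts.items() if n > pkts_per_port_limit}

def port_spread_hits(flows, distinct_port_limit):
    """Aggregate rule: flag (dst, second) when UDP lands on too many distinct ports.

    Returns {(dst, second): (distinct_ports, total_bytes)}.
    """
    ports = defaultdict(set)
    volume = defaultdict(int)
    for ts, _src, dst, proto, dport, nbytes in flows:
        if proto == "udp":
            key = (dst, int(ts))
            ports[key].add(dport)
            volume[key] += nbytes
    return {k: (len(p), volume[k]) for k, p in ports.items()
            if len(p) > distinct_port_limit}

def constructed_flows():
    """Constructed sample records: (timestamp, src, dst, proto, dst_port, bytes)."""
    flows = []
    # Benign: a resolver at 203.0.113.10 receiving 400 DNS packets in one second.
    for i in range(400):
        src = f"192.0.2.{i % 250 + 1}"
        flows.append((10.0 + i / 400, src, "203.0.113.10", "udp", 53, 80))
    # Flood: 15,000 distinct destination ports on 198.51.100.7 within one second,
    # only two packets per port, so no single port looks busy on its own.
    for port in range(1024, 16024):
        for rep in range(2):
            src = f"100.64.{port % 256}.{(port // 256 + rep) % 256}"
            ts = 10.0 + (port - 1024) / 15000
            flows.append((ts, src, "198.51.100.7", "udp", port, 1200))
    return flows

if __name__ == "__main__":
    sample = constructed_flows()
    # The per-port rule only sees the busy DNS port; the flood stays below it.
    print("per-port rule:", per_port_rule_hits(sample, 100))
    # The per-destination spread rule isolates the flooded address.
    print("port-spread rule:", port_spread_hits(sample, 1000))
```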

What we know — and what remains unknown
Known
  • The botnet behind the attack: Aisuru, with 1–4 million infected devices worldwide.

  • Attack type: UDP flood + port/packet-flood (“carpet-bombing”), hitting ~15,000 ports per second.

  • Attack scale: 29.7 Tbps peak, 69-second duration, mitigated successfully.

  • Volume of attacks overall is growing — 2025 is seeing far more hyper-volumetric and high-volume DDoS attempts than prior years.

Unknown / Not publicly disclosed
  • The identity of the target: Cloudflare did not name who or what organization was hit.

  • The ultimate motive: We don’t know if this was mere disruption, extortion, a test of capabilities, or a smokescreen for something else.

  • Whether the attackers gained any side benefits beyond flooding — e.g. traffic snooping or secondary attacks — isn’t public knowledge.

Why this matters — broader implications
  • This event shows that the scale of DDoS attacks has leapt forward. What used to be “massive” (e.g. a few Tbps) is now being dwarfed in the span of months. Organizations that thought they were safe may now find their defenses outdated.

  • The use of huge botnets composed of IoT devices and poorly secured hardware is a reminder that virtually any unmanaged internet-connected device (cameras, routers, smart-home gadgets, etc.) can be weaponized. That raises questions for both enterprise cybersecurity and consumers: IoT hygiene matters.

  • For businesses, especially internet-facing services, cloud providers, hosting companies, and ISPs, this is a call to keep evolving and to rely on automated, scalable mitigation infrastructure (like Cloudflare’s) rather than legacy, manual defense.

  • For the internet as a whole — as these attacks grow, there’s potential for broader collateral disruption: strain on ISPs, slower internet performance, ripple-effects across downstream networks. Indeed, some reporting says earlier massive botnet floods have caused “widespread collateral Internet disruption.”

What to watch now — next steps and what to expect
  • It’s unlikely this will be a one-off. Given the speed of escalation, we may see even larger floods (or more frequent hyper-volumetric attacks).

  • Organizations should harden IoT devices, update firmware, enforce strong credentials — since insecure devices are the raw material for botnets.

  • Security providers will need to keep scaling — not just absorbing bandwidth, but building smarter, protocol-aware defenses (rate-limiting, anomaly detection, behavioral filtering) to stay ahead.

  • Regulators, ISPs, and hardware vendors may need to take a more active role: better standards for IoT security, accountability for botnet-origin devices, maybe even legal frameworks for IoT manufacturers.

In short: this 29.7 Tbps attack isn’t just a scary headline — it marks a dramatic shift in what’s now possible for cyber attackers. Thanks to Cloudflare and similar defenders, this wave was absorbed — but the baseline for “safe” internet has changed.

Sources
  • The Hacker News — Record 29.7 Tbps DDoS Attack Linked to Aisuru Botnet
    https://thehackernews.com/2025/12/record-297-tbps-ddos-attack-linked-to.html

  • BleepingComputer — Aisuru Botnet Behind New Record-Breaking 29.7 Tbps DDoS Attack
    https://www.bleepingcomputer.com/news/security/aisuru-botnet-behind-new-record-breaking-297-tbps-ddos-attack/amp/

  • Cloudflare Blog — DDoS Threat Report 2025 Q3
    https://blog.cloudflare.com/ddos-threat-report-2025-q3/

  • Noise/GetOTO — Cloudflare’s 2025 Q3 DDoS Threat Report — Including Aisuru
    https://noise.getoto.net/2025/12/03/cloudflares-2025-q3-ddos-threat-report-including-aisuru-the-apex-of-botnets/

  • SecurityBrief — Cloudflare Records Largest DDoS Attack at 7.3 Tbps in Q2 2025
    https://securitybrief.com.au/story/cloudflare-records-largest-ddos-attack-at-7-3-tbps-in-q2-2025

  • Breached.company — The DDoS Arms Race: How 2025 Became the Year of Record-Breaking Cyber Assaults
    https://breached.company/the-ddos-arms-race-how-2025-became-the-year-of-record-breaking-cyber-assaults/

  • TechLomedia — Cloudflare Q3 2025 DDoS Report Shows Aisuru Botnet Pushing Attacks to Record Levels
    https://techlomedia.in/2025/12/cloudflare-q3-2025-ddos-report-shows-aisuru-botnet-pushing-attacks-to-record-levels-118897/