29.7 Tbps DDoS Attack Shatters Records: What the Aisuru Botnet Means for Internet Security

The internet just survived its biggest stress test yet. A massive distributed denial-of-service attack peaked at 29.7 terabits per second, smashing the previous 22 Tbps record and proving that what seemed impossible a year ago is now just another Tuesday for cybercriminals.

What Actually Happened

Cloudflare's systems caught and stopped the attack within seconds, which sounds reassuring until you realize what they were up against. The Aisuru botnet threw 14.1 billion packets per second at its target, flooding roughly 15,000 network ports simultaneously while constantly changing packet characteristics to slip past older defense systems.

Think of it like trying to drink from a fire hose, except the fire hose is pointed at your entire neighborhood and the water keeps changing temperature and pressure randomly.

The attack used a technique called UDP carpet-bombing. Instead of targeting one weak point, it hammered everything at once, making it nearly impossible for traditional filtering systems to keep up. This wasn't some sophisticated zero-day exploit or carefully crafted attack vector. It was pure brute force scaled to astronomical levels.

The Botnet Behind the Chaos

Aisuru isn't just big, it's somewhere between 1 and 4 million compromised devices strong. That makes it the largest active botnet currently wreaking havoc across the internet. These aren't sophisticated server farms either. Most of these devices are probably routers, IoT gadgets, and poorly secured home equipment that their owners don't even know are compromised.

Here's where it gets worse: you can rent this thing. For a few hundred to a few thousand dollars, anyone can purchase enough firepower to take down major websites or even knock an entire internet service provider offline. The barrier to entry for launching devastating attacks has dropped so low that script kiddies and low-level criminals now have access to nation-state-level capabilities.

Since early 2025, Cloudflare has blocked 2,867 separate Aisuru attacks. During Q3 alone, they stopped 1,304 hyper-volumetric events, which works out to about 14 massive attacks every single day. That's not a threat landscape anymore, that's a threat weather pattern.

The Bigger Picture Looks Worse

Zoom out from Aisuru and the numbers get even more alarming. Cloudflare blocked 8.3 million DDoS attacks across their platform in Q3 2025, a 15 percent jump from the previous quarter and 40 percent higher than the same period last year.

Year-to-date? 36.2 million attacks. That's already 170 percent of what 2024 saw in total, and we still had a quarter to go when these numbers were reported.

The attack methods are evolving too. Network-layer attacks now make up 71 percent of all DDoS incidents, surging 87 percent quarter-over-quarter. Meanwhile, HTTP-layer attacks dropped 41 percent in the same period. Attackers have stopped trying to be clever and started focusing on overwhelming raw bandwidth instead.

The really extreme stuff is accelerating faster than everything else. Attacks exceeding 100 million packets per second jumped 189 percent quarter-over-quarter. Assaults crossing the 1 Tbps threshold grew 227 percent.

👉 Explore high-performance network infrastructure built to withstand modern DDoS threats

And here's the kicker: most of these attacks last less than 10 minutes. That's barely enough time to notice something's wrong, let alone respond manually or activate traditional mitigation services. The entire assault happens and disappears before most security teams could even finish their incident response checklist.

Where the Attacks Are Coming From

Geography tells its own story. Indonesia remains the top source of DDoS traffic globally, with HTTP-based DDoS requests up an absurd 31,900 percent since 2021. That's not a typo.

Q3 2025 saw massive spikes in unexpected places: the Maldives, France, and Belgium. Not coincidentally, all three were experiencing significant civil unrest during that period. The Maldives had the "Stop the Loot!" protests, France saw widespread "Block Everything" strikes, and Brussels hosted large Gaza solidarity demonstrations. When people take to the streets, apparently hackers take to their keyboards.

China gets hit the hardest, followed by Turkey and Germany. The United States climbed to fifth place, while the Philippines showed the biggest jump within the top 10 targets.

Who's Getting Hit and Why

Certain industries keep showing up in the crosshairs. Telecommunications companies, gaming platforms, hosting providers, and financial services face constant bombardment.

Generative AI providers got hammered especially hard, with attacks spiking up to 347 percent month-over-month in September. Mining, metals, and automotive sectors also saw surges, likely connected to escalating trade tensions between the European Union and China over rare earth elements and electric vehicle tariffs.

When geopolitics heat up, DDoS attacks follow. It's become a reliable pattern.

The Collateral Damage Problem

Here's something that doesn't get talked about enough: the Aisuru botnet caused unintended disruptions across major U.S. internet service providers during some of its campaigns. When you're throwing around 29.7 terabits per second, precision becomes nearly impossible.

👉 Get reliable server infrastructure designed for maximum uptime and security

It's like trying to perform surgery with a sledgehammer. The target might be one specific website, but the shockwaves ripple through shared infrastructure, impacting innocent bystanders who happen to be on the same network segments or routing paths.

What This Means Going Forward

Cloudflare proved that even a 29.7 Tbps monster can be stopped with the right architecture. That's genuinely impressive. But the real problem isn't whether individual attacks can be mitigated, it's that they're happening 14 times a day, lasting less than 10 minutes each, and growing more powerful every quarter.

Traditional security models assume you'll have time to respond to threats. These attacks come and go faster than you can call an emergency meeting. The only defense is having automated systems already in place before the first packet arrives.

Multi-terabit DDoS attacks aren't coming. They're already here. They're not rare anymore, they're routine. What broke records last year is baseline this year, and next year's records are probably being set right now while you're reading this.

Organizations that still think of DDoS as an occasional problem rather than a constant environmental factor are setting themselves up for a very bad day. The threat landscape has fundamentally changed, and defenses need to change with it.

The age of assuming your infrastructure can survive on good luck and basic protections is over. When botnets with millions of compromised devices can be rented for pocket change and launched by anyone with an internet connection and a grudge, everyone becomes a potential target.

The question isn't whether you'll face a massive DDoS attack anymore. It's whether your systems will still be standing when it's over.