A record-breaking 29.7 terabits-per-second (Tbps) DDoS attack delivered by the Aisuru botnet has set a new global benchmark for volumetric assaults, underscoring the escalating fragility of core internet infrastructure.
Cloudflare confirmed that the attack, which peaked at 14.1 billion packets per second, was mitigated within seconds.
Since the start of 2025, “… 2,867 Aisuru attacks have been mitigated,” said Cloudflare in its analysis.
The 29.7 Tbps blast used a UDP carpet bombing technique, overwhelming roughly 15,000 destination ports per second while randomizing packet attributes to evade static filtering.
These attack patterns — short, intense, and highly distributed — are nearly impossible for human analysts or legacy on-demand scrubbing contracts to mitigate in time.
Aisuru’s operational model compounds the challenge. Portions of the botnet are sold as rentable chunks on underground markets, enabling low-skill threat actors to purchase enough firepower to saturate backbone links or disrupt major ISPs for a few hundred dollars.
Malware tied to Aisuru is also increasingly modular, allowing attackers to adjust packet signatures and distribution patterns to bypass traditional detection heuristics.
Even organizations not directly targeted have experienced collateral impact. As KrebsOnSecurity reported, U.S. ISPs observed widespread congestion triggered by Aisuru’s traffic, despite not being attack victims — illustrating how hyper-volumetric assaults can ripple across the broader internet ecosystem.
Key Trends Shaping Today’s DDoS Landscape
A closer look at this attack reveals several emerging patterns worth noting:
- Extreme scale as the new baseline: Multi-Tbps attacks have become routine rather than exceptional.
- Automation beats manual response: Attacks unfold and conclude far too quickly for traditional, manual workflows to keep up.
- Geopolitical triggers: DDoS activity rose sharply in regions experiencing protests and political tension, with notable increases from certain high-risk geographies.
- AI and critical industries at risk: Generative AI providers and sectors such as mining and automotive faced heightened targeting, influenced in part by global trade and geopolitical friction.
These patterns reflect an evolving DDoS landscape where botnets rapidly adapt to geopolitical pressure points and economic volatility.
Building Resilience Against Hyper-Volumetric DDoS
Given the speed and scale of modern botnets like Aisuru, organizations should adopt automated, layered defenses:
- Deploy always-on, automated DDoS mitigation rather than on-demand services that require manual activation.
- Ensure upstream provider coverage, including ISP-level scrubbing, to absorb volumetric floods before they reach origin infrastructure.
- Use anycast architectures to distribute attack traffic across multiple global points of presence.
- Enable rate limiting, anomaly detection, and protocol enforcement to identify and suppress high-volume UDP floods.
- Implement zero-trust network controls, especially for exposed APIs and backend systems.
- Conduct regular attack simulations to validate resilience under multi-Tbps load scenarios.
- Monitor geopolitical indicators, as major DDoS surges increasingly align with political protests, social unrest, and economic disputes.
These measures help reduce downtime and build cyber resiliency.
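The anomaly-detection item above can key on aggregate behavior instead of static packet signatures, which matters when packet attributes are randomized as in the UDP carpet bombing described earlier. The sketch below is an added example, not code from Cloudflare or the article: it counts distinct UDP destination ports per second toward a protected prefix, and the flow-record layout, the 203.0.113.0/24 prefix, and the threshold are assumptions.

```python
import ipaddress
import random
from collections import defaultdict

# Assumed values for illustration; tune the limit against your own baseline.
PORT_SPREAD_LIMIT = 1000  # distinct UDP destination ports per second
PROTECTED = [ipaddress.ip_network("203.0.113.0/24")]  # documentation prefix

def detect_port_spread(flows, prefixes=PROTECTED, limit=PORT_SPREAD_LIMIT):
    """flows: iterable of (epoch_second, proto, dst_ip, dst_port, size_bytes).
    Returns sorted (second, prefix, distinct_ports, total_bytes) above limit."""
    ports = defaultdict(set)
    volume = defaultdict(int)
    for ts, proto, dst, dport, size in flows:
        if proto != "udp":
            continue
        addr = ipaddress.ip_address(dst)
        for net in prefixes:
            if addr in net:
                # Aggregate per prefix, not per host: spreading traffic across
                # hosts and ports keeps every per-host counter looking small.
                key = (int(ts), str(net))
                ports[key].add(dport)
                volume[key] += size
                break
    return sorted((sec, net, len(seen), volume[(sec, net)])
                  for (sec, net), seen in ports.items() if len(seen) > limit)

def constructed_sample(seed=7):
    """Constructed flow records: second 100 is ordinary DNS/NTP traffic,
    second 101 spreads packets over 15,000 ports with randomized sizes."""
    rng = random.Random(seed)
    flows = [(100, "udp", "203.0.113.10", rng.choice([53, 123]), 120)
             for _ in range(500)]
    for port in rng.sample(range(1, 65536), 15000):
        host = f"203.0.113.{rng.randrange(1, 255)}"
        flows.append((101, "udp", host, port, rng.randrange(64, 1400)))
    flows.append((101, "tcp", "203.0.113.10", 443, 1500))   # ignored: not UDP
    flows.append((101, "udp", "198.51.100.5", 9999, 500))   # ignored: other prefix
    return flows

if __name__ == "__main__":
    for sec, net, nports, nbytes in detect_port_spread(constructed_sample()):
        print(f"t={sec} prefix={net} distinct_udp_dst_ports={nports} bytes={nbytes}")
```

Because the window is one second, a signal like this only helps when it feeds an automated mitigation rule rather than a ticket queue.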
Hyper-Volumetric Attacks Are the New Normal
The Aisuru botnet’s hyper-volumetric DDoS attack marks a turning point in the evolution of global cyber threats: these massive, high-speed floods have become weaponized at commercial scale.
As attackers rent botnet capacity, exploit geopolitical flashpoints, and refine ever-faster attack techniques, the line between record-breaking and routine is quickly disappearing.
With the boundaries of what attackers can do rapidly expanding, the next step is embracing zero-trust to limit the blast radius when — not if — systems face large-scale attacks.
