Article Details

Scrape Timestamp (UTC): 2025-11-17 22:00:53.494

Source: https://www.theregister.com/2025/11/17/biggest_cloud_ddos_attack_azure/

Original Article Text


'Largest-ever' cloud DDoS attack pummels Azure with 3.64B packets per second

Aisuru botnet strikes again, bigger and badder

Azure was hit by the "largest-ever" cloud-based distributed denial of service (DDoS) attack, originating from the Aisuru botnet and measuring 15.72 terabits per second (Tbps), according to Microsoft.

On October 24, the Windows giant's cloud DDoS protection service auto-detected and mitigated the traffic tsunami - nearly 3.64 billion packets per second - so no customer workloads experienced any service interruptions, Microsoft's Sean Whalen said in a Monday blog.

More than 500,000 source IPs from various regions flooded a single endpoint with User Datagram Protocol (UDP) packets during the DDoS event, he added.

"This was the largest DDoS attack ever observed in the cloud and it targeted a single endpoint in Australia," Whalen wrote, noting that the Aisuru botnet was behind the network flood.

Aisuru is a new-ish Mirai-based IoT botnet that has been causing record-breaking DDoS attacks since it emerged in August 2024. This includes one in June 2025 that hit KrebsOnSecurity with 6.3 Tbps, which, according to infosec journo Brian Krebs, was the biggest attack Google had ever mitigated at the time.

By October, Aisuru's operators had increased their capabilities to exceed 20 Tbps, according to Netscout principal engineer Roland Dobbins.

The botnet primarily infects home routers and cameras on residential ISP networks, and while it operates as a DDoS-for-hire, Dobbins says that its operators have "reportedly implemented preventive measures to avoid attacking governmental, law enforcement, military, and other national security properties." But considering that it's a criminal operation, take that with a healthy dose of salt.

Earlier this month, Cloudflare reportedly removed Aisuru-linked domains from its Top Domains ranking after they outranked Amazon, Apple, Google and Microsoft in the most frequently requested websites list.

"The attacker is just generating a ton of requests, maybe to influence the ranking but also to attack our DNS service," Cloudflare CEO Matthew Prince told KrebsOnSecurity at the time. "We're fixing the ranking to make it smarter. And, in the meantime, redacting any sites we classify as malware."

While the Azure-mitigated attack may be the largest-ever, it's only a matter of time before Aisuru's operators or someone else smashes this DDoS record. As Whalen noted: "Attackers are scaling with the internet itself."

In Cloudflare's most recent quarterly DDoS report, it reported a more than 40 percent increase in attacks during Q2 2025 compared to this same period last year.

Daily Brief Summary

DDOS // Azure Mitigates Record-Breaking 15.72 Tbps DDoS Attack by Aisuru Botnet

Microsoft Azure faced the largest cloud-based DDoS attack recorded, with traffic reaching 15.72 terabits per second, originating from the Aisuru botnet.

The attack targeted a single endpoint in Australia, utilizing over 500,000 source IPs to flood the system with 3.64 billion packets per second.

Azure's cloud DDoS protection service successfully detected and mitigated the attack, ensuring no customer service interruptions occurred.

Aisuru, a Mirai-based IoT botnet, has been escalating its capabilities, previously executing a 6.3 Tbps attack on KrebsOnSecurity in June 2025.

The botnet primarily compromises home routers and cameras, operating as a DDoS-for-hire service while reportedly avoiding national security targets.

Cloudflare removed Aisuru-linked domains from its rankings due to excessive requests, aiming to prevent manipulation and protect DNS services.

The incident underscores the increasing scale of DDoS attacks, with a 40% rise in such activities reported by Cloudflare in Q2 2025 compared to the previous year.