478/68 Thursday, November 20, 2025

Microsoft has revealed that Azure DDoS Protection successfully detected and mitigated a massive Distributed Denial-of-Service (DDoS) attack on October 24, 2025. The attack reached a peak volume of 15.72 Tbps and 3.64 billion packets per second (pps), making it the largest cloud-based DDoS attack ever recorded. The target was a single endpoint located in Australia. The attack originated from the Aisuru botnet, a variant of the TurboMirai IoT botnet family, which leveraged more than 500,000 compromised IPs from hacked routers and CCTV devices around the world to generate extremely high-volume UDP flood traffic.
According to Microsoft, the attack involved almost no IP spoofing and used continuous port randomization, making the traffic path easier to trace. This incident highlights a growing trend: attackers are increasingly leveraging modern high-bandwidth internet connections (such as fiber-to-the-home) and more powerful IoT devices, resulting in continuously escalating DDoS attack sizes. Microsoft warns that organizations should strengthen the protection of internet-facing systems ahead of the year-end holiday season, a period often associated with increased cyberattacks.
Data from Netscout and Cloudflare indicates that the Aisuru botnet has been behind several major attacks throughout 2025, including a 20+ Tbps attack in October and the 22.2 Tbps attack mitigated by Cloudflare in September. The botnet consists of compromised CPE devices, routers, and CCTV/DVR systems, and is widely used in DDoS-for-hire services capable of launching various types of attacks such as UDP/TCP/GRE floods and HTTPS attacks via residential proxies, as well as other malicious activities including credential stuffing, AI-driven web scraping, spam, and phishing. Many ISPs reported severe strain, with traffic spikes exceeding 1 Tbps causing noticeable slowdowns or outages in some regions.
