225/68 Monday, June 23, 2025

In May 2025, Cloudflare—one of the world’s leading web infrastructure and cybersecurity companies—announced that it successfully mitigated the largest Distributed Denial of Service (DDoS) attack ever recorded, which peaked at a staggering 7.3 terabits per second (Tbps). The attack targeted a hosting provider and exceeded the previous record by 12%, lasting only 45 seconds but generating enough traffic to stream over 7,500 hours of HD video or transfer around 12.5 million JPEG images.
The attack was launched using more than 122,000 unique IP sources across 161 countries, with the top traffic sources including Brazil, Vietnam, Taiwan, China, Indonesia, and Ukraine. Attack techniques varied and included QOTD reflection, Echo, NTP amplification, Mirai Botnet exploitation, Portmap flooding, and RIPv1 amplification—all of which leveraged legacy services or insecure configurations.
Nearly 99.996% of the attack traffic consisted of UDP floods, distributed across an average of 21,925 ports per second, with bursts up to 34,517 ports per second. This wide port distribution was designed to bypass traditional firewalls and intrusion detection systems.
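The traffic profile described above (UDP share, reflection vectors, and destination-port spread per second) can be measured on the defender's side from flow records. The following is an added example, not Cloudflare's detection logic: the flow tuple layout, the threshold, and the sample records are assumptions constructed for illustration, and tagging a vector by its well-known UDP source port is a heuristic (Mirai traffic has no fixed port and falls under "other UDP flood").

```python
from collections import defaultdict

# Well-known UDP ports of the reflection services named in the report.
REFLECTION_PORTS = {7: "Echo", 17: "QOTD", 111: "Portmap", 123: "NTP", 520: "RIPv1"}


def summarize(flows, port_spread_threshold=1000):
    """Summarize flow records for signs of a multi-vector UDP flood.

    flows: iterable of (ts_seconds, proto, src_ip, src_port, dst_ip, dst_port, nbytes).
    This tuple layout is an assumption; adapt it to your NetFlow/sFlow exporter.
    """
    ports = defaultdict(set)    # (dst_ip, second) -> distinct destination ports seen
    vectors = defaultdict(int)  # vector label -> bytes
    total = udp = 0
    for ts, proto, _src_ip, sport, dst_ip, dport, nbytes in flows:
        total += nbytes
        if proto != "udp":
            continue
        udp += nbytes
        ports[(dst_ip, int(ts))].add(dport)
        # Reflected replies arrive *from* the abused service's port.
        vectors[REFLECTION_PORTS.get(sport, "other UDP flood")] += nbytes
    alerts = sorted(
        (dst, sec, len(seen))
        for (dst, sec), seen in ports.items()
        if len(seen) >= port_spread_threshold
    )
    return {
        "udp_share": udp / total if total else 0.0,
        "vectors": dict(vectors),
        "port_spread_alerts": alerts,  # (target, second, distinct dst ports)
    }


def constructed_sample():
    """Constructed sample records using documentation address ranges only."""
    target = "203.0.113.10"
    flows = [(0.1 + i / 1000, "udp", f"198.51.100.{i % 250 + 1}", 40000 + i,
              target, 1000 + i, 1200) for i in range(200)]
    flows += [(1.2, "udp", "192.0.2.5", 123, target, 5000 + i, 468) for i in range(3)]
    flows += [(1.3, "udp", "192.0.2.9", 17, target, 6000, 300)]
    flows += [(1.5, "tcp", "192.0.2.77", 51515, target, 443, 1500)]
    return flows


if __name__ == "__main__":
    print(summarize(constructed_sample(), port_spread_threshold=50))
```

A per-target count of distinct destination ports per second is a useful signal here because port-specific filter rules do not match traffic spread across many thousands of ports.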
Cloudflare noted that the mitigation was handled entirely through automated systems, utilizing its anycast network spanning 477 data centers in 293 cities worldwide. Advanced defense mechanisms such as real-time fingerprinting and intra-data center gossiping were used to dynamically share intelligence and automatically generate mitigation rules.
Indicators of Compromise (IoCs) from the attack have been added to Cloudflare’s free DDoS Botnet Threat Feed, which is currently used by over 600 organizations. Cloudflare is encouraging other potentially vulnerable organizations to subscribe to the feed to strengthen their defenses before attacks reach their infrastructure.