
Microsoft Azure thwarts largest cloud DDoS attack ever

On October 24, 2025, Azure DDoS Protection automatically detected and neutralized a multi-vector DDoS attack of 15.72 terabits per second and nearly 3.64 billion packets per second.

Microsoft reported on the attack it had confronted on Monday. The attack was the largest ever observed in the cloud and targeted a single endpoint in Australia. Thanks to Azure’s globally distributed infrastructure and continuous detection capabilities, the malicious traffic was immediately filtered and redirected, keeping customer services available.

The attack was carried out by the Aisuru botnet, a Mirai-like IoT variant that has been active since August 2024 and has regularly caused record-breaking attacks since then. This is according to The Register, which also describes how Aisuru was responsible for a 6.3 Tbps attack on KrebsOnSecurity in June 2025, which Google said at the time was the largest the company had ever had to fend off. According to a principal engineer at Netscout, Aisuru had already scaled its capacity to more than 20 Tbps by October 2025.

Aisuru mainly infects home routers and security cameras on residential internet service provider networks. According to security researchers, the botnet operators have indicated that they do not want to attack government or security agencies, but given the criminal nature of the operation, that assurance offers little guarantee.

More than 500,000 source addresses

More than half a million source addresses from multiple regions were involved in the attack on Azure, which consisted of extremely fast UDP floods with random source ports and hardly any spoofing. According to Microsoft, this simplified tracing and enabled providers to enforce measures more quickly.
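The traits described above (a UDP flood on one endpoint, many distinct sources, randomized source ports, little spoofing) can be checked for in flow records. The following is an added example, not code from Microsoft or from the original article; the record layout, the sample flows and the thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict
from ipaddress import ip_network

def sample_flows():
    """Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, packets)."""
    flood = [(f"198.51.100.{i + 1}" if i < 40 else f"192.0.2.{i - 39}",
              1024 + i * 997, "203.0.113.10", 443, "udp", 5000) for i in range(64)]
    normal = [("192.0.2.200", 50000 + i, "203.0.113.20", 53, "udp", 20) for i in range(3)]
    normal.append(("192.0.2.201", 51000, "203.0.113.20", 443, "tcp", 900))
    return flood + normal

def entropy_bits(counter):
    """Shannon entropy (bits) of a packet-weighted distribution."""
    total = sum(counter.values())
    return -sum(c / total * math.log2(c / total) for c in counter.values())

def summarize_udp(flows):
    """Per destination: distinct sources, source-port spread, packets, source /24s."""
    per_dst = defaultdict(lambda: {"sources": set(), "ports": Counter(),
                                   "prefixes": Counter(), "packets": 0})
    for src, sport, dst, _dport, proto, pkts in flows:
        if proto != "udp":
            continue
        d = per_dst[dst]
        d["sources"].add(src)
        d["ports"][sport] += pkts
        d["prefixes"][str(ip_network(f"{src}/24", strict=False))] += pkts
        d["packets"] += pkts
    return per_dst

def flag_floods(flows, min_sources=50, min_port_entropy=5.0, min_packets=100_000):
    """Thresholds are illustrative assumptions; tune against a real baseline."""
    findings = {}
    for dst, d in summarize_udp(flows).items():
        h = entropy_bits(d["ports"])
        if (len(d["sources"]) >= min_sources and h >= min_port_entropy
                and d["packets"] >= min_packets):
            # Unspoofed sources make the per-prefix tally usable for provider follow-up.
            findings[dst] = {"sources": len(d["sources"]), "port_entropy": round(h, 2),
                             "packets": d["packets"],
                             "top_prefixes": d["prefixes"].most_common(2)}
    return findings

if __name__ == "__main__":
    for dst, info in flag_floods(sample_flows()).items():
        print(dst, info)
```

The per-prefix tally is only meaningful because the sources are largely unspoofed; with spoofed traffic it would point at addresses that never sent the packets.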

The influence of Aisuru was also visible earlier that month at Cloudflare, where domains linked to the botnet ranked above large tech companies in the list of most requested websites. Cloudflare subsequently removed those domains from the ranking because the huge number of requests appeared to be intended to manipulate the list while putting pressure on Cloudflare’s DNS services. According to Cloudflare’s CEO, the company had therefore adjusted its ranking logic and temporarily hidden domains classified as malware.

Both Microsoft and external researchers point out that DDoS attacks continue to grow along with the capacity of the internet. Higher fiber optic speeds and more powerful IoT devices enable larger attacks, and this translates into clear trends: Cloudflare reported a more than 40 percent increase in the number of DDoS attacks in the second quarter of 2025 compared to the same period a year earlier.