The Aisuru/Kimwolf botnet has set a new record with a DDoS attack of 31.4 Tbps and 200 million requests per second. The attack took place on December 19 as part of a campaign against telecom companies.
The attack was detected and handled by Cloudflare. The Aisuru botnet previously held the DDoS record at 29.7 Tbps. Microsoft also attributed an attack of 15.72 Tbps to this botnet, which originated from 500,000 IP addresses. The latest attack far exceeded these previous figures.
Cloudflare named the campaign “The Night Before Christmas” because of the timing. The security service characterized it as an “unprecedented bombardment” on telecom companies and IT organizations. “The campaign targeted Cloudflare customers as well as Cloudflare’s dashboard and infrastructure with hyper-volumetric HTTP DDoS attacks exceeding rates of 200 million requests per second (rps) alongside Layer 4 DDoS attacks peaking at 31.4 Terabits per second, making it the largest attack ever disclosed publicly,” Cloudflare said.
Android TVs as a source of attack
More than half of the attacks in the Aisuru campaign lasted between one and two minutes, with only 6 percent lasting longer. Most attacks (90 percent) peaked between 1-5 Tbps, and approximately 94 percent were in the range of 1-5 billion packets per second.
Despite the scale of these hyper-volumetric attacks, they were automatically detected and mitigated without triggering any internal alerts. The power of the Aisuru botnet comes from compromised IoT devices and routers. But the attack sources in the “The Night Before Christmas” campaign were Android TVs, a notable shift.
DDoS attacks increased 121 percent in 2025
In the 2025 Q4 DDoS Threat Report, Cloudflare looks back on the entire year. The period saw a 121 percent increase in DDoS attacks compared to 2024, with 47.1 million incidents. Cloudflare mitigated an average of 5,376 DDoS attacks per hour in 2025. Of those, 73 percent targeted the network layer and the rest were HTTP-based. The fourth quarter saw a 31 percent increase compared to the previous quarter and 58 percent year-on-year.
The Kimwolf variant of the botnet infected more than 2 million Android devices and spread via residential proxy networks. The most affected sectors were telecom, IT and services, gambling, and gaming.
According to the report, most attacks originated in Bangladesh, followed by Ecuador and Indonesia. Argentina jumped to fourth place, while Russia dropped five places to number 10. Organizations in China, Hong Kong, Germany, Brazil, and the United States were most frequently targeted.