Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Redazione RHC : 3 December 2025 21:34
A botnet service called Aisuru offers an army of compromised IoT devices and routers to launch high-traffic DDoS attacks. In just three months, the massive Aisuru botnet launched more than 1,300 DDoS attacks, one of which set a new record with a peak of 29.7 terabits per second.
Since the beginning of the year, Cloudflare has neutralized a total of 2,867 Aisuru attacks , which were characterized by significant intensity, with nearly 45% of them classified as hypervolumetric, meaning attacks with a throughput greater than 1 Tbps, or 1 billion packets per second (Bpps).
Cloudflare, a leading internet management and infrastructure company, estimates that the botnet could consist of between one and four million infected hosts globally. Cybercriminals can rent segments of the Aisuru botnet from vendors to conduct distributed denial-of-service (DDoS) attacks.
A massive hypervolumetric attack, carried out by devices controlled by Aisuru, took place in Q3 2025 which was effectively mitigated by Cloudflare.
Previously, Cloudflare had neutralized another record-breaking DDoS attack, attributed to Aisuru with a medium-low security level, which had reached a peak traffic of 22.2 Tbps.
Recently, it was revealed that the same botnet targeted Microsoft’s Azure network, launching a massive 15 Tbps DDoS attack originating from approximately 500,000 different IP addresses.
The record-breaking attack on the unknown Internet company lasted 69 seconds, with traffic peaking at 29.7 Tbps . The attack employed UDP flooding techniques, generating a massive amount of “garbage” traffic directed to an average of 15,000 destination ports every second.
Cloudflare says Aisuru attacks can be so devastating that the sheer volume of traffic can cripple Internet Service Providers (ISPs), even if they aren’t directly targeted. “If Aisuru attack traffic can disrupt parts of the US Internet infrastructure when those ISPs weren’t even targeted, imagine what it can do when directly targeting unprotected or insufficiently protected ISPs, critical infrastructure, healthcare services, emergency services, and military systems,” Cloudflare says .
Cloudflare analytics show that hypervolumetric DDoS attacks from the Aisuru botnet have been steadily increasing this year, reaching 1,304 incidents in the third quarter alone. According to researchers, Aisuru targets companies across a variety of industries, including gaming, hosting providers, telecommunications, and financial services.
The frequency of DDoS attacks exceeding 100 Mpps increased significantly, 189% compared to the previous quarter . Meanwhile, attacks exceeding 1 Tbps increased even more significantly, by 227%, also quarterly. Defenders and on-demand services have only a short window of less than 10 minutes to effectively respond to attacks, as most are completed within that timeframe, according to data from Cloudflare.
“A brief attack may last only a few seconds, but the disruption it causes can be severe and recovery takes much longer,” Cloudflare explained. “Engineering and operations teams are therefore faced with a complex, multi-step process to restore critical systems, verify data consistency across distributed systems, and restore secure and reliable service to customers.”
Redazione