In just three months, the Aisuru botnet has already made its power clear: it launched over 1,300 DDoS attacks, and one of them went big—setting a record with a peak of 29.7 Tbps.
The most worrying part? Aisuru isn’t an isolated “group,” but rather a for-hire botnet service: essentially, an army of hijacked routers and IoT devices that can be “rented” to launch attacks. Many of those devices fall due to known vulnerabilities or, more simply, because they still use weak passwords that can be guessed through brute force.
According to Cloudflare estimates, this botnet may be operating with between 1 and 4 million infected devices spread across the globe.
Attackers don’t need to build a botnet from scratch—with Aisuru, they can rent parts of this infected device network and use them to launch DDoS attacks on demand.
The most massive blow attributed to Aisuru happened in Q3 2025: a hyper-volumetric attack that Cloudflare managed to mitigate before it could escalate further.
And this isn’t the first time Aisuru has been linked to a record. The previous peak hit 22.2 Tbps (also mitigated by Cloudflare and confidently attributed to Aisuru). More recently, Microsoft reported that this same botnet hit its Azure network with a 15 Tbps DDoS, launched from around 500,000 IP addresses.
In numbers, Cloudflare says it has mitigated 2,867 Aisuru-related attacks since the beginning of the year, and nearly 45% of them were hyper-volumetric (exceeding 1 Tbps or 1 billion packets per second).
As for the most extreme incident, the target hasn’t been disclosed, but several juicy details have: the attack lasted 69 seconds, peaked at 29.7 Tbps, and used UDP carpet bombing—blasting junk traffic toward an average of 15,000 destination ports per second.
Graph of Aisuru’s Record-Breaking Attack (Source: Cloudflare)
Another massive DDoS attack that was successfully mitigated reached 14.1 Bpps (billions of packets per second). And according to Cloudflare, Aisuru’s attacks can be so intense that they end up impacting ISPs—even when they weren’t the intended target. The sheer volume of traffic can overwhelm parts of the network “in transit” and cause collateral disruptions.
As Cloudflare warns, if this kind of traffic is already capable of hitting Internet infrastructure without directly targeting providers, imagine the impact when it’s aimed head-on at under-protected ISPs, critical infrastructure, healthcare, emergency services, or even military systems.
Read more: ShadowV2: New Cloud-Based Botnet Fuels Massive DDoS Attacks
Cloudflare’s data shows a clear trend: this year, hyper-volumetric DDoS attacks linked to Aisuru have continued to rise, with 1,304 incidents recorded in the third quarter alone.
Who’s getting hit the hardest? According to researchers, Aisuru is targeting companies in sectors where uptime is everything—gaming, hosting providers, telecoms, and financial services.
Hyper-Volumetric DDoS Attacks per Quarter (Source: Cloudflare)
The numbers speak for themselves: DDoS attacks exceeding 100 Mpps (million packets per second) grew by 189% compared to the previous quarter, and those surpassing 1 Tbps surged even more—up 227% quarter over quarter.
And here’s what makes things trickier: according to Cloudflare, most attacks last less than 10 minutes. That might sound “positive,” but it’s actually the opposite—this express format gives defenders (and on-demand mitigation services) very little time to react.
Cloudflare explains it with a key insight: an attack may last only seconds, but the damage doesn’t. Even if the peak is brief, the disruption can be severe, and recovery often takes much longer. After the hit, engineering and operations teams face a long process: restoring critical systems, validating data across distributed environments, and ensuring services come back online stable and reliable for customers.
In terms of total number of attacks, last quarter didn’t reach Q1 levels, but 2025 is still shaping up to be significantly tougher than previous years.
Number of DDoS Attacks as of October 2025 (Source: Cloudflare)
Cloudflare reports that during the third quarter, it was mitigating an average of 3,780 DDoS attacks per hour. As for the “map” of traffic, most of it is believed to have originated from Indonesia, Thailand, Bangladesh, and Ecuador, while the top targets were China, Turkey, Germany, Brazil, and the United States.