Cloudflare revealed that it successfully stopped the largest DDoS attack ever recorded—completely automatically.
We're talking about a hyper-volumetric strike that peaked at an astonishing 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps). In other words: a never-before-seen digital avalanche that sets a new and troubling benchmark in the world of cyber threats.
To put it into perspective, this attack was more than twice the size of any previous DDoS event, making it clear that attackers and their botnets continue to upgrade their “weapons” at an alarming pace.
Until now, the record was held by a UDP flood attack that reached 11.5 Tbps—which, despite lasting only 35 seconds, was already considered massive. This latest incident is on a whole other level.
Record-Breaking Attack Diagram (Source: Cloudflare)
A Record-Breaking DDoS Attack That Lasted Just Seconds
What’s most surprising about this record-breaking DDoS attack isn’t just its colossal size but how brief it was: just 40 seconds of pure intensity. That was enough time to try to overwhelm the network defenses before they had a chance to fully react.
These types of offensives, known as “hit-and-run” attacks, are becoming increasingly common. The idea is simple but devastating: launch a massive assault in a very short window to cause maximum disruption. That’s why now more than ever, real-time automatic detection and mitigation are critical to surviving in the cybersecurity landscape.
The assault peaked at a staggering 22.2 Tbps and wasn’t a simple attack. It was a multivector attack—meaning it combined multiple techniques to maximize its impact.
Hyper-volumetric attacks like this typically originate from giant botnets made up of thousands of compromised computers and IoT devices. All of them working together can flood a target’s servers until they crash, leaving legitimate users without access.
How Cloudflare Managed to Contain It
According to Cloudflare, its network detected and blocked the attack completely autonomously—without any human intervention. This marks a major shift in the industry: relying solely on manual processes or legacy “scrubbing centers” is no longer enough.
Today’s attacks move at machine speed—so defenses must, too. This is where AI- and machine learning-based technologies come into play, capable of recognizing and neutralizing threats in a matter of seconds.
Thanks to its global, distributed infrastructure, Cloudflare was able to absorb the torrent of malicious traffic right at the network edge—before it reached its intended target. As a result, protected online services remained up and running, even during this short but brutal attack.
While Cloudflare hasn’t released many details about the latest DDoS incidents it mitigated, researchers from Qi’anxin XLab, a Chinese cybersecurity firm, point to a very specific culprit: the AISURU botnet.
According to their findings, AISURU has reportedly infected more than 300,000 devices worldwide. The outbreak began in April 2025, right after a firmware update server from router manufacturer Totolink was compromised.
And it didn’t stop there. This botnet is also exploiting vulnerabilities in IP cameras, DVR/NVR recorders, Realtek chips, and even routers from well-known brands like T-Mobile, Zyxel, D-Link, and Linksys.
In other words: any poorly protected device can become a digital “zombie” in this network, which is then used to launch large-scale DDoS attacks.
The Big Question for Businesses
This case raises a critical question for every organization:
Is your security provider ready to withstand an attack of this magnitude?
It’s not just about having enough network capacity. It’s also about having automated systems capable of responding instantly, without waiting for a human analyst to intervene.
Experts agree: this won’t be the last record we see. As attackers refine their tactics and expand their botnets, hyper-volumetric attacks are expected to grow in both frequency and intensity.
In short, cybercriminals are scaling up their weapons—and defenses must evolve at the same pace.
In this context, cybersecurity solutions like those offered by TecnetOne make all the difference. Their approach combines advanced DDoS protection, 24/7 monitoring, threat intelligence, and cutting-edge automated technology designed to keep a company’s digital infrastructure safe—even against the most sophisticated attacks.
Investing in security is no longer optional—it’s the only way to ensure business continuity and protect your customers’ trust.