Aisuru Botnet Unleashes Record 31.4 Tbps DDoS Attack
▼ Summary
– The Aisuru/Kimwolf botnet set a new DDoS record with an attack peaking at 31.4 Tbps and 200 million requests per second, targeting telecommunications companies in a campaign Cloudflare named “The Night Before Christmas.”
– Cloudflare’s 2025 Q4 report shows a 121% annual increase in DDoS attacks, with over 47 million incidents and telecommunications, IT, and gaming being the most targeted industries.
– The primary sources for this record-breaking campaign were compromised Android TVs, a shift from the botnet’s typical use of IoT devices and routers.
– Despite the unprecedented scale, Cloudflare automatically detected and mitigated these hyper-volumetric attacks without triggering internal alerts.
– The report also notes a sharp rise in large-scale attacks, including a 600% increase in network-layer attacks exceeding 100 Mpps and a 65% quarterly increase in attacks larger than 1 Tbps.
A new record for distributed denial of service (DDoS) attacks has been set, with the Aisuru botnet unleashing an unprecedented bombardment that reached a staggering 31.4 terabits per second. This hyper-volumetric assault, which also generated over 200 million HTTP requests per second, targeted telecommunications firms and IT organizations in a campaign Cloudflare detected and mitigated on December 19 of last year. Dubbed “The Night Before Christmas,” this event underscores the escalating scale and sophistication of modern cyber threats.
The attack campaign focused on multiple companies, primarily within the telecom sector, and included attempts against Cloudflare’s own customer infrastructure and administrative dashboard. This latest offensive surpasses the botnet’s own prior record of 29.7 Tbps, solidifying its reputation for executing some of the largest publicly disclosed cyber assaults. While the sheer volume was extraordinary, Cloudflare’s systems automatically detected and neutralized the threats without triggering internal alerts.
Analysis of the campaign reveals that over half of the individual attacks persisted for only one to two minutes, with a mere six percent lasting longer. The majority, roughly ninety percent, peaked between one and five terabits per second. A significant shift in the botnet’s composition was also noted; whereas Aisuru typically leverages compromised Internet of Things (IoT) devices and routers, the primary sources for this campaign were reportedly Android TV devices.
The broader context for this record-breaking event is a dramatic surge in DDoS activity throughout the year. Cloudflare’s 2025 fourth-quarter threat report indicates a 121% annual increase in DDoS attacks compared to 2024, with 47.1 million incidents logged. On average, the company mitigated 5,376 attacks every hour during 2025. The final quarter alone saw a 31% increase from the previous quarter and a 58% rise year-over-year, confirming a persistent upward trend.
Telecommunications providers remained the most frequent target during this period, followed by IT and service companies, the gambling and casino industry, and gaming firms. Geographically, the largest volume of attack traffic originated from Bangladesh, with Ecuador and Indonesia following closely behind. Argentina notably jumped into the fourth position, while Russia fell five places to tenth. Throughout the year, organizations in China, Hong Kong, Germany, Brazil, and the United States faced the most targeting.
The report further details alarming escalations in specific attack categories. Network-layer attacks exceeding 100 million packets per second saw a 600% increase. There was also a 65% quarter-over-quarter rise in attacks larger than one terabit per second. Notably, more than 71.5% of all recorded HTTP DDoS attacks were traced to known or documented botnets, highlighting the organized nature of this persistent threat landscape.
(Source: NewsAPI Cybersecurity & Enterprise)
