Cloudflare has successfully mitigated a record-breaking DDoS attack in May 2025 that peaked at an unprecedented 7.3 terabits per second (Tbps), making it the largest distributed denial of service attack ever recorded.
The target was a hosting provider using Cloudflare’s Magic Transit DDoS protection service.
The massive 45-second assault delivered 37.4 terabytes of data, equivalent to 7,500 hours of HD video streaming, aiming to overwhelm the provider’s infrastructure. Cloudflare said the automated mitigation handled the attack without human intervention.
The attack originated from 122,145 IP addresses across 161 countries, primarily from Brazil, Vietnam, Taiwan, China, Indonesia, and Ukraine. It bombarded the victim’s systems through 34,517 destination ports per second, a tactic designed to bypass traditional security systems.
Cloudflare identified multiple attack vectors, with UDP floods making up 99.996% of the traffic. Other techniques included:
- QOTD and Echo reflection
- NTP and RIPv1 amplification
- Portmap flood
- Mirai botnet UDP floods
These methods exploited legacy and misconfigured services to increase attack effectiveness and test for vulnerabilities.
The company used its global anycast network, spanning 477 data centers in 293 cities, to absorb and neutralize the traffic. Data from the incident was immediately added to Cloudflare’s free DDoS Botnet Threat Feed, which now helps over 600 organizations proactively block malicious IPs.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Cloudflare is encouraging more businesses to subscribe to the feed to strengthen their defenses against evolving botnet-driven DDoS threats.
