Microsoft has revealed that its Azure cloud network was recently hit with a huge DDoS attack reaching 15.72 terabits per second.
The attack was launched from more than five hundred thousand IP addresses and is linked to a botnet known as Aisuru.
The attack relied on extremely fast UDP floods aimed at a public IP address in Australia. At its peak, the traffic reached almost 3.64 billion packets every second. Sean Whalen, a senior product marketing manager with Azure Security, said the attack came from the Aisuru botnet, which is a Turbo Mirai-style network of infected Internet of Things devices. It often uses hacked home routers and cameras from internet providers in the United States and other regions to cause record-breaking attacks. He added that these sudden bursts of UDP traffic used random source ports and very little spoofing, which made it easier for providers to trace and block the activity.
Cloudflare has also linked Aisuru to a previous record attack that hit 22.2 terabits per second and reached more than ten billion packets per second when it was mitigated in September 2025. That attack lasted only forty seconds but generated the same load as streaming one million 4K videos at the same time.
Just a week before that record, researchers from XLab at the Chinese cybersecurity firm Qi anxin attributed another attack of 11.5 terabits per second to the same botnet. At the time, they estimated that Aisuru controlled around three hundred thousand devices.
The botnet spreads by exploiting vulnerabilities in IP cameras, DVR and NVR systems, Realtek chips, and routers made by T Mobile, Zyxel, D Link, and Linksys. Researchers say its size exploded in April 2025 after the operators compromised a TotoLink router firmware update server and infected about one hundred thousand devices in a single expansion.
Security journalist Brian Krebs reported earlier this month that Cloudflare removed several Aisuru-related domains from its public list of top DNS-requested websites. These domains suddenly began outranking legitimate sites like Amazon, Microsoft, and Google because the botnet was flooding Cloudflare’s DNS resolver with malicious queries. Cloudflare CEO Matthew Prince confirmed that the botnet was distorting the ranking system, and the company now hides or redacts suspicious domains to prevent similar issues.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
In its DDoS report for the first quarter of 2025, Cloudflare said it mitigated a record number of attacks last year. The company saw a one hundred ninety-eight percent jump from the previous quarter and a three hundred fifty-eight percent increase compared to the year before. In total, Cloudflare blocked more than twenty one million attacks targeting customers in 2024, along with another six point six million attacks directed at its own network during an eighteen-day multi-vector campaign.
