CYBERSECURITY | DDoS attacks hit new highs as Aisuru botnet expands worldwide — Cloudflare


Cloudflare identified the Aisuru botnet as the dominant force behind the quarter’s surge.


Cloudflare reported a sharp escalation in global distributed denial-of-service activity in the third quarter of 2025, driven largely by the rise of the Aisuru botnet, which the company described as the most disruptive botnet it has observed to date. Cloudflare’s latest Quarterly DDoS Threat Report shows hyper-volumetric attacks surpassing previous records, geopolitical spillovers affecting global networks, and heightened targeting of AI platforms, critical industries, and countries facing domestic unrest.

Cloudflare’s autonomous mitigation systems blocked 8.3 million DDoS attacks in 2025 Q3 — an average of 3,780 attacks per hour — representing a 15% increase quarter-over-quarter and 40% year-over-year. With one quarter still left in the year, the company has already mitigated 36.2 million attacks, exceeding 2024’s total by 170%.

Cloudflare identified the Aisuru botnet as the dominant force behind the quarter’s surge. Estimated at 1 million to 4 million infected hosts worldwide, Aisuru repeatedly launched hyper-volumetric attacks exceeding 1 terabit per second (Tbps) and 1 billion packets per second (Bpps).

The botnet was responsible for an average of 14 hyper-volumetric attacks per day, with volumes climbing 54% quarter-over-quarter. The largest events included a 29.7 Tbps UDP carpet-bombing attack, the biggest ever recorded by the company, and a 14.1 Bpps flood — both mitigated autonomously.

Aisuru traffic caused “widespread collateral Internet disruption” in parts of the United States, even when internet service providers were not the intended target, according to security analyst Brian Krebs. Cloudflare warned that unprotected ISPs, healthcare systems, telecommunications companies, emergency services, and military networks would be highly vulnerable should Aisuru directly aim its full traffic capacity at them.

Cloudflare also noted that “chunks” of Aisuru are circulating on botnet-for-hire markets, enabling low-cost access to high-impact attack power. For a few hundred to a few thousand dollars, threat actors can rent portions of the botnet and potentially disrupt national-scale backbone links or major commercial services.

From the start of 2025 through Q3, Cloudflare mitigated 2,867 Aisuru-related attacks, including 1,304 hyper-volumetric attacks in Q3 alone.

Network-layer DDoS attacks accounted for 71% of all Q3 activity — about 5.9 million incidents — rising 87% quarter-over-quarter and 95% year-over-year. Meanwhile, HTTP DDoS attacks declined 41% quarter-over-quarter to 2.4 million, or 29% of total attacks.

Cloudflare said attacks exceeding 100 million packets per second grew 189% quarter-over-quarter. Attacks surpassing 1 Tbps rose 227% quarter-over-quarter. Seventy-one percent of HTTP attacks and 89% of network-layer attacks ended in under 10 minutes.

Cloudflare stressed that such bursts are too fast for human response or on-demand mitigation services. Even brief disruptions often trigger prolonged recovery cycles as teams restore integrity across distributed systems.

UDP floods — many linked to Aisuru — were the top vector in Q3, increasing 231% quarter-over-quarter, followed by DNS floods, SYN floods, and ICMP floods. Mirai-based attacks remain present; Cloudflare said nearly 2% of all network-layer attacks came from Mirai permutations.

Cloudflare reported a direct correlation between global tensions and DDoS activity. Industries tied to politically sensitive supply chains saw steep increases.

DDoS attacks against the Mining, Minerals and Metals sector surged as EU–China friction over rare earth minerals and electric vehicle tariffs intensified in 2025 Q3. The industry jumped 24 spots to become the 49th most attacked globally.

The Automotive sector leaped 62 places to sixth-most attacked worldwide, while cybersecurity companies moved up 17 spots to 13th place. Cloudflare said IT and Services, Telecommunications, and Gambling and Casinos remained the top three most attacked industries overall.

September 2025 brought a sharp rise in DDoS traffic toward generative AI providers, surging 347% month-over-month. The timing coincided with public concern in the United Kingdom reflected in a Tony Blair Institute poll, as well as a review by the UK Law Commission into AI use in government.

China remained the most attacked country, followed by Turkey and Germany. But other nations saw dramatic quarter-to-quarter jumps linked to domestic protests.

The Maldives recorded the highest increase in attack volume, rising 125 places to 38th most attacked as the government faced mass demonstrations over alleged corruption, democratic backsliding, and a media bill flagged by the United Nations for undermining press freedom.

France climbed 65 places amid nationwide strikes and transport blockades organized by trade unions opposing austerity measures and pension changes. Belgium rose 63 positions while tens of thousands joined the “Red Line for Gaza” demonstrations in Brussels.

The Philippines saw the biggest increase among the top 10 most attacked countries, climbing 20 spots as DDoS activity intensified across several industries.

Cloudflare said organizations relying on traditional on-premises appliances or on-demand scrubbing centers may find their protections inadequate against modern hyper-volumetric attacks. The company emphasized the need for automated, real-time, globally distributed mitigation systems capable of reacting in seconds.

by TechSabado.com editors