
Aisuru Botnet Powers Record DDoS Attack Peaking at 29 Tbps

Cloudflare recently mitigated a new record-breaking Aisuru attack that peaked at 14.1 Bpps.


The Aisuru botnet continues to be responsible for record-breaking distributed denial-of-service (DDoS) attacks, web performance and security firm Cloudflare reported this week. 

A new record DDoS attack was mitigated by Cloudflare in the third quarter of 2025. The attack peaked at 29.7 terabits per second (Tbps) and 14.1 billion packets per second (Bpps).

“The 29.7 Tbps was a UDP carpet-bombing attack bombarding an average of 15K destination ports per second. The distributed attack randomized various packet attributes in an attempt to evade defenses,” Cloudflare explained. 

The previous record, also attributed to Aisuru, peaked at 22.2 Tbps and 10.6 Bpps.

Aisuru, dubbed a TurboMirai-class IoT botnet, has been responsible for many hyper-volumetric DDoS attacks. 

Powered by compromised devices such as routers, CCTV cameras, and DVR systems, the botnet is offered under a DDoS-for-hire model. Customers can also use the botnet for residential proxy services, which can be useful for spamming, scraping, and credential stuffing.

Cloudflare this year mitigated nearly 3,000 Aisuru attacks, including more than 1,300 in Q3 2025. 


Aisuru is also responsible for the largest ever DDoS attack on Microsoft’s Azure cloud service, peaking at over 15.7 Tbps and 3.6 Bpps. The attack was aimed at a single endpoint in Australia.

DDoS attacks powered by the botnet are often aimed at hosting providers, gaming companies, telecoms firms, and financial services. 


Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
