Security Experts:

Connect with us

Hi, what are you looking for?



Mirai Botnet Launched 2.5 Tbps DDoS Attack Against Minecraft Server

A Mirai botnet variant has launched a distributed denial-of-service (DDoS) attack that peaked at 2.5 terabytes per second (Tbps), according to Cloudflare, which described it as the largest attack it has seen in terms of bitrate.

A Mirai botnet variant has launched a distributed denial-of-service (DDoS) attack that peaked at 2.5 terabytes per second (Tbps), according to Cloudflare, which described it as the largest attack it has seen in terms of bitrate.

The attack was aimed at a Minecraft server named Wynncraft and it involved UDP and TCP floods. However, the web security firm said it mitigated the attack, preventing it from causing any disruption to the game.

While this may have been a record-breaking attack for Cloudflare, Microsoft last year observed an attack that peaked at 3.47 Tbps and another that reached 3.25 Tbps.

Cloudflare this year also saw an attack reaching 26 million requests per second (RPS). The attack was noteworthy particularly for the fact that it was powered by a small botnet of only 5,000 devices. However, in terms of RPS, Google saw the biggest attack known to date, which peaked at 46 million RPS.

“The entire 2.5 Tbps attack lasted about 2 minutes, and the peak of the 26M rps attack only 15 seconds,” Cloudflare explained. “This emphasizes the need for automated, always-on solutions. Security teams can’t respond quick enough. By the time the security engineer looks at the PagerDuty notification on their phone, the attack has subsided.”

Cloudflare reported seeing the massive attack aimed at the Minecraft server in its DDoS threat report for the third quarter of 2022. The company has seen longer-lasting volumetric attacks and a spike in attacks powered by variants of the Mirai botnet, with a quarter-over-quarter (QoQ) increase of 405%.

Cloudflare has seen an overall increase in attacks compared to last year, including application-layer, network-layer and ransom attacks.

The company has highlighted one attack vector for which it has seen a significant increase: BitTorrent. DDoS attacks abusing BitTorrent have increased by more than 1,200% QoQ.

DDoS attacks have been making headlines in recent weeks, as a pro-Russia hacker group named Killnet has targeted major companies and various countries, including the United States, Estonia, and Lithuania.

Cybersecurity and application delivery company Radware this week published a report detailing Killnet’s DDoS attacks on US civilian and government systems.

Related: Mitel Devices Abused for DDoS Vector With Record-Breaking Amplification Ratio

Related: Cloudflare Customer Targeted in Record HTTPS DDoS Attack

Related: Akamai Sees Largest DDoS Extortion Attack Known to Date

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...