Security Experts:

Connect with us

Hi, what are you looking for?



Mirai Botnet Launched 2.5 Tbps DDoS Attack Against Minecraft Server

A Mirai botnet variant has launched a distributed denial-of-service (DDoS) attack that peaked at 2.5 terabytes per second (Tbps), according to Cloudflare, which described it as the largest attack it has seen in terms of bitrate.

A Mirai botnet variant has launched a distributed denial-of-service (DDoS) attack that peaked at 2.5 terabytes per second (Tbps), according to Cloudflare, which described it as the largest attack it has seen in terms of bitrate.

The attack was aimed at a Minecraft server named Wynncraft and it involved UDP and TCP floods. However, the web security firm said it mitigated the attack, preventing it from causing any disruption to the game.

While this may have been a record-breaking attack for Cloudflare, Microsoft last year observed an attack that peaked at 3.47 Tbps and another that reached 3.25 Tbps.

Cloudflare this year also saw an attack reaching 26 million requests per second (RPS). The attack was noteworthy particularly for the fact that it was powered by a small botnet of only 5,000 devices. However, in terms of RPS, Google saw the biggest attack known to date, which peaked at 46 million RPS.

“The entire 2.5 Tbps attack lasted about 2 minutes, and the peak of the 26M rps attack only 15 seconds,” Cloudflare explained. “This emphasizes the need for automated, always-on solutions. Security teams can’t respond quick enough. By the time the security engineer looks at the PagerDuty notification on their phone, the attack has subsided.”

Cloudflare reported seeing the massive attack aimed at the Minecraft server in its DDoS threat report for the third quarter of 2022. The company has seen longer-lasting volumetric attacks and a spike in attacks powered by variants of the Mirai botnet, with a quarter-over-quarter (QoQ) increase of 405%.

Cloudflare has seen an overall increase in attacks compared to last year, including application-layer, network-layer and ransom attacks.

The company has highlighted one attack vector for which it has seen a significant increase: BitTorrent. DDoS attacks abusing BitTorrent have increased by more than 1,200% QoQ.

DDoS attacks have been making headlines in recent weeks, as a pro-Russia hacker group named Killnet has targeted major companies and various countries, including the United States, Estonia, and Lithuania.

Cybersecurity and application delivery company Radware this week published a report detailing Killnet’s DDoS attacks on US civilian and government systems.

Related: Mitel Devices Abused for DDoS Vector With Record-Breaking Amplification Ratio

Related: Cloudflare Customer Targeted in Record HTTPS DDoS Attack

Related: Akamai Sees Largest DDoS Extortion Attack Known to Date

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.