AISURU botnet Drives Record 29.7 Tbps DDoS Attack in 2025

What happened on December 4, 2025, and why should you care? Researchers said that the huge AISURU botnet launched a new world-record distributed denial-of-service attack on that day. It was a mind-boggling 29.7 Tbps DDoS attack, with up to 4 million infected devices around the world.
In this article, I'll explain what AISURU is, how this record DDoS attack happened, what made it so strong, and how businesses can protect themselves. I use recent public data and expert reports, focusing on making things clear, giving context, and giving useful advice.

What is the AISURU botnet?

Where AISURU came from and what it is

The AISURU botnet is a new type of IoT botnet that is based on older threats like Mirai. It takes over devices that aren't safe and are connected to the internet, like routers, CCTV cameras, DVRs, and home-network gear that a lot of people install and then forget about.
AISURU has grown a lot over time. The first public reports said that about 300,000 routers had been hacked. But by the end of 2025, security experts thought the botnet had infected between 1 and 4 million hosts around the world.

AISURU works well as a "botnet-as-a-service" because it has a lot of infected devices, and they are spread out. Cybercriminals can rent parts of their network to launch DDoS attacks.

What makes AISURU different?

The size and flexibility of AISURU set it apart from older botnets. Instead of a few thousand bots sending traffic, we're talking about millions of devices, many of which have broadband connections, that are ready to send traffic to targets. This makes traditional IoT botnet attacks much stronger.

The botnet also seems to prefer attacks with a lot of packets and a lot of volume, like UDP carpet-bombing, randomizing packet attributes, and hitting many ports at once. That makes it harder for many defenses to stop attacks.

What Happened During the Record 29.7 Tbps DDoS

How big was the attack, and what was going on at the time?

The record event, which was recorded in Q3 2025 and made public in December, reached 29.7 terabits per second (Tbps), making it the biggest DDoS attack ever made public.
The packet-rate metric was also huge, with the attack sending 14.1 billion packets per second (Bpps). It wasn't just a simple volumetric flood; it was a hyper-volumetric, hyper-packet-rate attack.
The public report says that the attack lasted about 69 seconds.

Attack technique: UDP carpet-bombing

The record 29.7 Tbps assault used a technique called UDP carpet-bombing. Instead of sending packets to a single port, the attack struck an average of 15,000 destination ports per second, randomizing various packet attributes to evade detection.

That port randomization and the high packet-per-second rate made the attack more difficult for traditional defenses, which may expect floods on a few ports or predictable traffic patterns.
This kind of hyper-volumetric attack (high Tbps and high Bpps) marks a new level of disruption, beyond what older DDoS defenders were built for.

How companies, including Cloudflare, dealt with the 29.7 Tbps AISURU attack

• Cloudflare’s global network detected and neutralized the attack fully automatically.
• The company's scrubbing infrastructure and scalable edge filtering were able to handle the flood, stopping bad packets before they got to customer infrastructure.
• There were no public details about the victim, which were probably kept secret. However, the successful mitigation shows that modern, cloud-based DDoS protection can handle even hyper-volumetric attacks if it is set up correctly.
• Because the attack was so fast (69 seconds) and strong, it would have almost certainly failed if someone had to step in or if the attack had to be stopped on demand. Only automated scrubbing at the terabit scale that was always on had a chance.

What this means: The rise of hyper-volumetric DDoS and why it matters

The 29.7 Tbps DDoS is more than just a headline; it signals a shift in the DDoS threat landscape. Here's why:

• Scaling attacks with millions of IoT devices: With 1-4 million infected hosts, AISURU shows that botnets no longer need to rely on a handful of powerful machines; they can harness thousands or millions of consumer-grade devices at scale.
• Blurring bandwidth and packet rate: Traditional DDoS defenses often look at volume in Gb/s or Tb/s. But attacks like UDP carpet-bombing show that packets per second (pps) are just as important for overload. Defenses must handle both high throughput and high packet rates.
• Short, devastating bursts: The attack lasted just over a minute. Many DDoS incidents from the AISURU end in under 10 minutes. That leaves little time for human detection or manual response; automation is no longer optional.
• Collateral damage and widespread disruption: Even ISPs or network providers not directly targeted might experience collateral overload. According to Cloudflare, AISURU attacks can disrupt internet service providers simply because of the flood of traffic crossing shared infrastructure.
In short, the bar for DDoS protection just went up a lot.

What Could Happen to a Small Business in the Real World?

Imagine a small e-commerce company hosting its website with a mid-sized hosting provider. They get a lot of traffic, but they never thought about DDoS because they were small.
Now, envision AISURU launching a hyper-volumetric attack against them. Within seconds, their site is hit with tens of Tbps of traffic, thousands of packets per second, with packets hitting random ports. Without always-on mitigation at terabit scale, which small hosting companies probably can't offer, their servers crash, their network gets too full, customers can't get to the site, they lose money, and their reputation suffers.

And even if the attack isn’t directly aimed at them, if their hosting provider shares infrastructure with others, they might still suffer collateral damage, network saturation, degraded performance, or even downtime.

That situation could soon go from being a possibility to a reality unless businesses and hosting providers act quickly.

Key Insights: Pros and Cons of the New DDoS Reality

Pros (from a defense and awareness perspective):

• The disclosure of such a record shows the public and private sectors are sharing data, which helps defenders learn and prepare.
• Cloud-based, globally distributed mitigation systems (like Cloudflare’s) have proven capable of defending even against 29.7 Tbps hyper-volumetric attacks when properly configured.
• The attention on botnets like AISURU may make ISPs, device makers, and users more likely to protect IoT devices, fix security holes, and follow better security practices.

Cons (threat and risk side):

• The barrier to entry for attackers is lower: inexpensive IoT devices, once compromised, add up to a formidable, rentable botnet.
• Many organizations, especially small/medium businesses, hosting providers, and regional ISPs, lack infrastructure to mitigate multi-Tbps, multi-Bpps floods.
• Attacks are getting shorter but more powerful, and simple firewalls or manual responses may not work.
• Because attacks can cause collateral damage, even entities that are not the target might suffer.

Frequently Asked Questions (FAQ)

What is the AISURU botnet?
AISURU is an IoT botnet-as-a-service that hijacks insecure routers, cameras, DVRs, and other internet-connected devices. It can grow to millions of devices, and attackers can rent parts of it to launch DDoS attacks.

What was the size of the record-breaking 29.7 Tbps DDoS attack?
It peaked at 29.7 terabits per second and around 14.1 billion packets per second (Bpps). The assault lasted about 69 seconds.

Who mitigated the 29.7 Tbps DDoS attack?
The attack was mitigated by Cloudflare, using its globally distributed, automated scrubbing and filtering infrastructure.

How can businesses protect themselves from hyper-volumetric DDoS attacks?
They need always-on, globally distributed DDoS protection with capacity for multi-Tbps and multi-Bpps floods. Reliance on on-premise appliances or limited scrubbing centers is often insufficient. Also, securing IoT devices, enforcing egress filtering at ISPs, and patching vulnerable firmware helps reduce the pool of potential bots.

Final thoughts

The 29.7 Tbps DDoS attack by AISURU is a wake-up call: the DDoS threat has entered a new era. This isn’t about curious script kiddies or small-scale floods anymore. We live in a time when botnet attacks are hyper-volumetric and hyper-packet-rate, thanks to millions of cheap, insecure devices.

Now is the time to check your defenses if you run a business, manage infrastructure, or depend on hosting providers. Check to see if your DDoS protection can handle both huge packet rates and multi-Tbps floods. If you depend on small or local providers, you might want to switch to global, always-on mitigation services.

And at home, take a minute to protect your own IoT devices by changing the default passwords, updating the firmware, and realizing that any router or camera that isn't secure could help power the next record DDoS.
Be careful. Stay safe.

You can also read these important cybersecurity news articles on our website.

·       Windows Fix,

·       TikTok Warning

·       Chrome Update,

·       WordPress Issue.

·       Apple os update

For more, please visit our Homepage and follow us on X (Twitter) and LinkedIn for more cybersecurity news and updates. Stay connected on YouTube, Facebook, and Instagram as well. At Hoplon Infosec, we’re committed to securing your digital world.