Microsoft has disclosed that its Azure cloud network was recently hit by one of the largest distributed denial-of-service (DDoS) attacks ever recorded, clocking in at a massive 15.72 terabits per second (Tbps).
The attack, which occurred on October 24, targeted a single public IP address in Australia and was launched using traffic from more than 500,000 compromised devices around the world.
According to Microsoft, the assault came from the Aisuru botnet, a fast-growing Turbo Mirai-derived network of infected home routers, cameras, and other IoT devices, mainly in residential ISPs in the United States and other countries. The botnet used extremely high-rate UDP floods that surged to nearly 3.64 billion packets per second (pps).
"The attack originated from the Aisuru botnet," wrote Sean Whalen, Senior Product Marketing Manager for Azure Security, in a blog post on Monday. "These sudden UDP bursts had minimal source spoofing and used random source ports, which helped simplify traceback and facilitated provider enforcement."
A Botnet Behind Multiple Record Attacks
Aisuru has rapidly become one of the most feared botnets of 2025. It has been linked to a string of escalating attacks. In recent months:
- Cloudflare linked Aisuru to a 2 Tbps DDoS attack in September that reached 10.6 billion packets per second (Bpps). It lasted only 40 seconds but was powerful enough to rival streaming a million 4K videos at once.
- Chinese cybersecurity firm Qi'anxin reported a 5 Tbps attack from the same botnet just a week earlier.
- The botnet surged in size after attackers compromised a TotoLink firmware update server, infecting ~100,000 devices.
The botnet feeds on vulnerable IP cameras, DVR/NVR systems, routers from brands including T-Mobile, Zyxel, D-Link, and Linksys, and various Realtek-based devices across the US and beyond.
Azure Stays Online Despite The Surge
Despite the unprecedented volume, Azure's global DDoS Protection platform automatically detected and mitigated the attack in real time, filtering and redirecting malicious traffic before it could impact customers and keeping service uninterrupted.
"Our continuous monitoring and adaptive mitigation capabilities were key to neutralizing this unprecedented volume without impacting service," added Sean.
DDoS Attacks Are Growing Faster Than The Internet
Experts warn that attack sizes are growing at the same pace as home internet speeds and IoT adoption.
"Attackers are scaling with the internet itself," Sean further added. "As fiber-to-the-home speeds rise and IoT devices get more powerful, the baseline for attack size keeps climbing."
Cloudflare's own Q1 2025 report showed a 358% year-over-year jump in DDoS incidents, with over 21 million attacks on customers blocked in 2024.
Aisuru Has Bigger Ambitions Than Just DDoS
According to the researchers, Aisuru is not only used for botnet-for-hire DDoS operations, but can also support:
- Credential stuffing
- AI-driven web scraping
- Large-scale spamming
- Phishing campaigns
Some variants can even spoof elements of legitimate HTTPS traffic patterns, using residential proxy networks, complicating detection and mitigation efforts.
A Warning Ahead Of The Holiday Season
With shopping traffic about to surge, cybersecurity experts are urging organizations to prepare.
"As we approach the upcoming holiday season, it is essential to confirm that all internet-facing applications and workloads are adequately protected against DDoS attacks. Additionally, do not wait for an actual attack to assess your defensive capabilities or operational readiness—conduct regular simulations to identify and address potential issues proactively," warns Sean.
For now, the 15.7 Tbps attack demonstrates that Microsoft's cloud defenses remain resilient, but with botnets like Aisuru growing unchecked, the next record may not be far away.
