Cybersecurity researchers have recorded the largest distributed denial-of-service (DDoS) attack ever disclosed, after the Aisuru/Kimwolf botnet launched an unprecedented assault that peaked at 31.4 terabits per second (Tbps) and 200 million requests per second in a coordinated campaign late last year.
The attack was detected and mitigated by Cloudflare on December 19, as part of a broader campaign targeting multiple organizations. The majority of the victims were from the telecommunications and IT firms, industries that play a critical role in keeping global internet services online. Due to its timing, Cloudflare dubbed the campaign “The Night Before Christmas.”
“The campaign targeted Cloudflare customers as well as Cloudflare’s dashboard and infrastructure with hyper-volumetric HTTP DDoS attacks exceeding rates of 200 million requests per second (rps) alongside Layer 4 DDoS attacks peaking at 31.4 Terabits per second, making it the largest attack ever disclosed publicly,” Cloudflare wrote in a report.
What Is The Aisuru-Kimwolf Botnet?
Aisuru-Kimwolf is a sprawling botnet made up of millions of malware-infected devices that are weaponized for a range of attacks, including DDoS attacks. With an estimated footprint of 1 to 4 million compromised hosts, the botnet has the capacity to overwhelm critical services, defeat legacy DDoS protection platforms, and severely disrupt national-scale connectivity.
Short-Lived But Extremely Intense
According to Cloudflare, the attack combined hyper-volumetric HTTP floods with network-layer assaults, overwhelming targets in short but intense bursts. More than half of the individual attacks lasted between one and two minutes, but many peaked between 1 and 5 Tbps. Despite their brief duration, the sheer volume posed serious risks to the internet infrastructure.
The latest incident surpassed Aisuru’s own previous record of 29.7 Tbps, as well as a separate attack attributed to the botnet that hit Microsoft infrastructure at 15.72 Tbps and originated from around 500,000 IP addresses.
Who Was Targeted And Where Attacks Came From
Telecommunications providers were the most heavily targeted, followed by IT service firms, gambling platforms, and gaming companies. The largest volumes of attack traffic originated from Bangladesh, Ecuador, and Indonesia, while countries such as China, Hong Kong, Germany, Brazil, and the United States were among the most frequently targeted destinations.
Surging DDoS Activity Worldwide
The incident reflects a broader rise in DDoS activity. In 2025 alone, Cloudflare mitigated an average of 5,376 DDoS attacks per hour, with nearly three-quarters targeting the network layer. The final quarter of the year saw a 31% increase from the previous quarter and a 58% rise year over year, signalling that large-scale DDoS attacks are becoming both more frequent and more powerful.
Security experts say the scale of the Aisuru/Kimwolf botnet is made possible by malware-infected IoT devices, routers, and Android-based TVs, many of which run outdated software or use default passwords, allowing attackers to quietly turn them into attack tools.
A Warning For The Future
Cloudflare noted a 600% increase in network-layer attacks exceeding 100 million packets per second, along with a sharp rise in attacks larger than 1 Tbps. More than 70% of HTTP-based DDoS attacks were traced back to known botnets, underscoring the growing role of automated attack networks in modern cybercrime.
While defenses were able to stop this record-breaking assault automatically, researchers warn that the continued growth of unsecured consumer devices could make even larger attacks possible in the future.
