Cloudflare said it autonomously blocked the largest distributed denial of service attack ever publicly recorded. The massive attack, which peaked at 7.3 terabits per second, was detected in the middle of May 2025. It specifically targeted an unnamed hosting provider and delivered an astonishing 37.4 terabytes of data in forty-five seconds. This new world record attack is just the latest in a series of escalating hyper-volumetric DDoS incidents.
The multi-vector attack was a complex combination of several different types, with a UDP flood accounting for nearly all.
The attack traffic originated from over 122,000 separate source IP addresses that were spanning 161 different countries. The top sources of the attack traffic included the nations of Brazil, Vietnam, Taiwan, China, and Indonesia. Telefonica Brazil alone accounted for over ten percent of the total volume of the significant DDoS attack traffic.
Cloudflare’s customer was using its ‘Magic Transit’ service, which was able to mitigate the attack without human intervention. The company’s global anycast network successfully dispersed the massive volume of attack traffic to 477 data centers. It leveraged key technologies like real-time fingerprinting and intra-data center gossiping for automated, real-time intelligence sharing.
This allowed the company’s systems to automatically compile rules to block the malicious traffic as it was detected.
This incident highlights the growing threat from DDoS botnets, such as the one known by the name of RapperBot. Since March, RapperBot’s attack behavior has been significantly active, with an average of over 100 attack targets per day. RapperBot campaigns are known to target routers, network-attached storage devices, and also many different video recorders. The botnet’s attack targets are spread all over the fields of various industries, including public management and finance.
Reference:
