Microsoft disclosed that its Azure cloud service was targeted by an unprecedented distributed denial of service (DDoS) attack on October 24. According to Microsoft’s Sean Whalen, the traffic surge, measured at a staggering 15.72 terabits per second (Tbps) and involving close to 3.64 billion packets per second, was the largest DDoS attack ever observed in the cloud. The company’s cloud DDoS protection service automatically detected and mitigated the massive influx of User Datagram Protocol (UDP) packets, which originated from over 500,000 source IP addresses worldwide and targeted a single endpoint in Australia. Crucially, the mitigation was successful, and no customer workloads experienced any service disruption during the incident.
The enormous network flood was attributed to the Aisuru botnet, an evolution of the Mirai-based IoT malware. Aisuru has been recognized since its emergence in August 2024 for orchestrating record-breaking DDoS attacks. For instance, in June 2025, it launched a 6.3 Tbps attack against KrebsOnSecurity, which was noted at the time as the largest attack Google had ever mitigated. By October, the botnet’s operators had escalated their capabilities even further, with industry experts like Netscout principal engineer Roland Dobbins estimating their power to exceed 20 Tbps.
Aisuru primarily operates by infecting vulnerable devices like home routers and cameras connected to residential ISP networks. While it functions as a DDoS-for-hire service, its operators have reportedly implemented restrictions to avoid targeting governmental, law enforcement, and military infrastructure, though this claim should be viewed with skepticism given the criminal nature of the operation. The botnet’s influence has even appeared in non-attack-related contexts; earlier this month, Cloudflare reportedly removed Aisuru-linked domains from its Top Domains ranking after they surprisingly outranked major tech firms like Amazon, Google, and Microsoft in terms of frequency of requests.
Cloudflare CEO Matthew Prince explained that the high volume of requests was likely an attempt by the attacker to influence the ranking while also straining their DNS service. Cloudflare responded by correcting the ranking mechanism and redacting sites classified as malware. This incident, combined with the successful Azure mitigation, highlights the persistent and escalating nature of large-scale cyber threats and the continuous battle between attackers and defense providers.
Although the 15.72 Tbps event may currently hold the record as the largest-ever mitigated cloud DDoS attack, the industry consensus is that this record will inevitably be broken. As Microsoft’s Whalen noted, attackers are continuously scaling their capabilities in tandem with the growth of the internet itself. This trend is supported by data from Cloudflare, which reported a more than 40 percent increase in DDoS attacks during the second quarter of 2025 compared to the same period the previous year, underscoring the accelerating threat landscape.