Aisuru botnet turns Q3 into a terabit-scale stress test for the entire internet
- Reference: 1764853622
- News link: https://www.theregister.co.uk/2025/12/04/cloudflare_aisuru_botnet/
Aisuru is a relative newcomer to the botnet scene. It was [1]first spotted in 2024, but it has quickly grown into a Mirai-class monster built from hijacked routers, cameras, and other bargain-basement IoT gear. Despite its humble parts, it punches far above its weight, firing off multi-terabit, multibillion-packet-per-second DDoS blasts that make earlier Mirai variants look almost low-key by comparison.
In its [2]latest quarterly report, Cloudflare reveals Aisuru is now thought to command between 1 million and 4 million infected devices worldwide. That global horde routinely pumped out DDoS attacks topping 1 terabit per second and 1 billion packets per second. On average, that amounted to roughly 14 hyper-volumetric attacks a day – a 54 percent quarter-on-quarter increase.
Aisuru's firepower isn't just consistent; it's record-breaking. In Q3, one attack peaked at 29.7 Tbps, a new high water mark for volumetric disruption. The assault was delivered as a "UDP carpet-bombing" flood, blasting traffic across roughly 15,000 destination ports per second while using randomized packet attributes to evade legacy defenses.
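A defender's view of the port-spread pattern described above, as an added example that is not from the article or from Cloudflare: it counts distinct UDP destination ports per destination per second, which stays visible even when each packet's attributes are randomized. The flow-record layout, the 1,000-port threshold, and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import defaultdict

PORT_SPREAD_THRESHOLD = 1000  # assumed: distinct UDP dst ports per victim per second

def detect_port_spread(flows, threshold=PORT_SPREAD_THRESHOLD):
    """flows: (ts, src_ip, dst_ip, dst_port, proto, nbytes) tuples.
    Aggregates by destination, so randomized per-packet attributes do not matter."""
    ports = defaultdict(set)        # (second, dst) -> destination ports seen
    per_src = defaultdict(set)      # (second, dst, src) -> ports from that source
    for ts, src, dst, dport, proto, _nbytes in flows:
        if proto != "udp":
            continue
        key = (int(ts), dst)
        ports[key].add(dport)
        per_src[key + (src,)].add(dport)
    alerts = []
    for key in sorted(ports):
        if len(ports[key]) < threshold:
            continue
        src_counts = [len(p) for k, p in per_src.items() if k[:2] == key]
        alerts.append({
            "second": key[0], "dst": key[1],
            "distinct_ports": len(ports[key]),
            "distinct_sources": len(src_counts),
            "max_ports_per_source": max(src_counts),
        })
    return alerts

def build_sample_flows():
    """Constructed flow records using documentation address ranges."""
    flows = []
    for i in range(1500):  # flood: 1,500 ports in second 100, 250 sources
        flows.append((100 + (i % 10) / 10, f"192.0.2.{i % 250 + 1}",
                      "203.0.113.10", 1024 + i * 7, "udp", 64 + (i * 37) % 1400))
    for i in range(2000):  # busy resolver: many sources, a single port
        flows.append((100.5, f"198.51.100.{i % 200 + 1}", "203.0.113.53", 53, "udp", 80))
    for port in (53, 123, 443):  # normal traffic to the same host a second later
        flows.append((101.2, "192.0.2.9", "203.0.113.10", port, "udp", 120))
    return flows

if __name__ == "__main__":
    for alert in detect_port_spread(build_sample_flows()):
        print(alert)
```

In the constructed data no single source touches more than six ports, so a per-source threshold would stay quiet while the per-destination count flags the window.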
Cloudflare says that since the start of 2025, it has already mitigated 2,867 Aisuru-linked attacks, with 1,304 of them hyper-volumetric fires in Q3 alone. The infrastructure giant's autonomous defenses blocked a total of 8.3 million DDoS attacks during the quarter – that's nearly 3,780 attacks every hour.
Behind the scenes, the broader DDoS landscape has shifted sharply. Network-layer attacks, including UDP, DNS, SYN, and ICMP floods, comprised 71 percent of all attacks in Q3, with network-layer counts up 87 percent quarter-on-quarter and 95 percent year-on-year. HTTP-layer DDoS, by contrast, fell by 41 percent quarter-on-quarter and 17 percent year-on-year, accounting for 29 percent of total attacks.
[6]Cloudflare broke itself – and a big chunk of the Internet – with a bad database query
[7]Cloudflare coughs, half the internet catches a cold
[8]Cloudflare Q3 report shows the internet still breaks for the strangest reasons
[9]Cloudflare DDoSed itself with React useEffect hook blunder
Amid evolving global conditions, certain sectors saw sharp surges in DDoS activity. Cloudflare observed a 347 percent month-on-month spike in attack traffic against generative AI companies during September – a period of heightened public scrutiny and regulatory attention on AI. Meanwhile, industries tied to mining, metals, and automotive surged as geopolitical friction – notably rising EU-China trade tensions over rare earth minerals and EV tariffs – coincided with increased DDoS targeting.
Top-ranked industries under siege included IT and services, telecommunications, and gambling and casinos. Notably, the automotive sector revved up 62 spots in the ranking in just one quarter, becoming the sixth most attacked industry globally. Attack origins also reflect shifting geography. Seven of the top ten source regions for DDoS traffic were in Asia, with Indonesia leading for the second consecutive year.
Cloudflare says the sheer volume and rapidity of these attacks show that the DDoS threat landscape has fundamentally changed. Many assaults now end in under ten minutes, which is too fast for on-demand mitigation services to respond. For organizations relying on on-premises scrubbing centers or reactive defenses, keeping pace with this flood of traffic may no longer be feasible.
Given that chunks of Aisuru are effectively up for hire, allowing cybercriminals to weaponize a global army of compromised devices, the implications are worrying. What was once the domain of major cybercrime or state-backed infrastructure war games may now be available for a few hundred dollars. ®
[1] https://krebsonsecurity.com/2025/10/aisuru-botnet-shifts-from-ddos-to-residential-proxies/?utm_source=chatgpt.com
[2] https://blog.cloudflare.com/ddos-threat-report-2025-q3/
[6] https://www.theregister.com/2025/11/19/cloudflare_incident_report/
[7] https://www.theregister.com/2025/11/18/cloudflare_outage/
[8] https://www.theregister.com/2025/10/28/cloudflare_q3_internet_disruption/
[9] https://www.theregister.com/2025/09/18/cloudflare_ddosed_itself/
Re: Stupid question
Probably all of the above plus cover for break-ins and nation state bad actors.
Re: Stupid question
I'd say that could well be part of it (for some countries/actors), but if this is available for just a few dollars (and large botnets are), then the market is really anyone that will pay.
You can DDoS a website, then threaten them that you will do it again unless they pay. Some people will pay, so as long as you earn more in ransom than the subscription, it's a 'W'. Once you know people will pay and you are in profit, put that cash back into the system and keep on rolling.
As an absolute lowest case, an aggrieved kid with pocket money to hand can use it to DoS a game server that's banned them for cheating, or a school that has given them bad grades.
Re: Stupid question
Yes. I get the “got a bad grade so you’re gonna pay” thing. But someone like Cloudflare is never going to pay any ransom so what’s the point in DDoSing them?
Re: Stupid question
I don't think anyone is trying to DDoS them. They just have the most hooks into DDoS protection (via their customers and *cough* people hosting skit behind them), so it is easy for them to report on large botnets like this.
I would be shocked if Akamai is not saying the same thing somewhere (because they have a similar level of insight into network traffic).
Stupid question
I know this is a stupid question but it’s bothered me for a while so here we go
Why does anyone launch a DoS attack like this? Especially at this scale. What’s in it for the culprits? Is it just for a laugh? I can (sort of) understand a possible motive for knocking a single, specific website or services off the net. But at this scale, boat-loads of random stuff will be (potentially) affected. But why? What is the motive?