Cloudflare said it recently blocked the largest recorded volumetric distributed denial-of-service (DDoS) attack, peaking at 11.5 terabits per second (Tbps), targeting its network and customers.
Cloudflare said in a Tuesday tweet that the 11.5 Tbps attack was a UDP flood that mainly came from Google Cloud, and the assault lasted about 35 seconds, according to the company’s post and accompanying image.
The new record follows a string of hyper-volumetric DDoS incidents, including a 7.3 Tbps attack against a hosting provider in June and earlier peaks of 3.8 Tbps in 2024. Cloudflare highlighted that these incidents illustrate the expanding scale of DDoS campaigns in recent years.
In its 2025 Q1 DDoS report, Cloudflare said it mitigated a record number of DDoS attacks in 2024, including 21.3 million targeting its customers and 6.6 million aimed at its own infrastructure, during an 18-day multi-vector campaign featuring SYN flood, Mirai-style activity, and SSDP amplification, among other techniques.
Industry observers note that the episodes underscore rising risk to online services as attackers increasingly employ high-volume, short-duration floods. Microsoft and other providers have faced similarly large DDoS incidents in the past, highlighting the ongoing challenge of defending critical cloud and internet infrastructure.