In a significant cybersecurity development, Cloudflare announced that it successfully mitigated the largest recorded distributed denial-of-service (DDoS) attack, which peaked at an astonishing 7.3 terabits per second (Tbps). This unprecedented attack, detected in mid-May 2025, targeted an unnamed hosting provider, demonstrating the ongoing threats faced by internet infrastructure and service providers.
Omer Yoachimik from Cloudflare reported that the attack resulted in a staggering 37.4 terabytes of data being delivered in just 45 seconds. “Hosting providers and critical Internet infrastructure have increasingly become targets of DDoS attacks,” Yoachimik stated, underscoring the growing trend of such malicious attempts aimed at disrupting services. This incident follows a series of high-profile attacks on internet service providers, including a severe 5.6 Tbps DDoS attack mitigated earlier this year.
The DDoS attack was characterized by multiple vectors and originated from a widespread network of over 122,145 source IP addresses across 161 countries, hitting an average of 21,925 destination ports on a single IP address. The attack’s volume was comprised primarily of UDP flood traffic, which alone accounted for 99.996% of the total attack traffic. The report identified Brazil, Vietnam, and Taiwan as leading sources of the attack.
The sophisticated nature of the attack was revealed in the analysis conducted by Cloudflare, which indicated a blend of various DDoS attack techniques, including UDP floods and reflection attacks. Telefonica Brazil emerged as the largest contributor to the attack bandwidth, responsible for 10.5% of the total traffic. This incident is part of an alarming pattern of escalating DDoS threats that have become more frequent and complex, as evidenced by the earlier attacks mitigated by Cloudflare and the emergence of new botnets.
In related news, the QiAnXin XLab team reported on the RapperBot DDoS botnet, which has been linked to attacks on companies such as artificial intelligence firm DeepSeek. RapperBot, whose malware targets vulnerable devices, including routers and network-attached storage, has remained active since 2022 and continues to threaten multiple industries.DeepSeek is among the recent casualties of such attacks, reinforcing the need for enhanced security measures against evolving cyber threats.
This latest incident not only highlights the critical need for robust cybersecurity solutions among hosting providers but also raises awareness about the strategies employed by cybercriminals leveraging vulnerabilities in modern technology.