Cloudflare reported it detected and mitigated a distributed denial-of-service (DDoS) attack that reached 29.7 terabits per second (Tbps). The company said the activity originated from the AISURU botnet-for-hire, the incident lasted 69 seconds and the target was not disclosed.
Cloudflare engineers Omer Yoachimik and Jorge Pacheco described the incident as a UDP “carpet-bombing” attack that averaged about 15,000 destination ports per second and randomized packet attributes in an attempt to evade defenses.
The company also mitigated a separate 14.1 billion packets-per-second (Bpps) attack attributed to the same botnet. Cloudflare said AISURU is believed to be powered by an estimated 1–4 million infected hosts worldwide and has targeted telecommunications providers, gaming companies, hosting providers and financial services.
Cloudflare reported it has mitigated 2,867 AISURU attacks since the start of the year, including 1,304 hyper-volumetric attacks in the third quarter of 2025. The firm said a total of 8.3 million DDoS attacks were blocked during the period covered by its report.
The company’s data showed broader trends for 2025, including 36.2 million DDoS attacks thwarted year to date and 1,304 network-layer attacks that exceeded 1 Tbps, up from 717 in the first quarter and 846 in the second. Cloudflare said attacks over 100 million packets per second rose 189% quarter on quarter, most HTTP and network-layer attacks lasted less than 10 minutes, and many attack sources were in Asia; it also reported a 347% spike in DDoS traffic against AI companies in September 2025.
Cloudflare warned that DDoS threats have grown in sophistication and size and said many organisations are struggling to keep pace with the evolving threat landscape. The company did not provide additional details about the specific target of the 29.7 Tbps incident.