Cloudflare has disclosed details of a record-setting distributed denial-of-service attack that peaked at 31.4 terabits per second and lasted for 35 seconds. The attack, which occurred in November 2025, has been attributed to the AISURU/Kimwolf botnet. Cloudflare said the traffic was detected and blocked automatically, without manual intervention. Despite its short duration, the attack is now the largest publicly disclosed DDoS attack so far.
Cloudflare observed a sharp rise in similar attacks during the fourth quarter of 2025. These attacks were short but extremely intense. Instead of lasting for hours, they relied on sudden bursts of traffic designed to overwhelm networks quickly.
The same botnet was also behind another campaign that started on December 19, 2025, which Cloudflare internally called “The Night Before Christmas.” During this campaign, the average attack size reached 3 billion packets per second and 4 terabits per second. Some attacks peaked at 24 terabits per second and 205 million requests per second.
Cloudflare believes the AISURU/Kimwolf botnet is made up of more than two million compromised Android devices. Many of these devices are low-cost Android TVs. These devices often remain online for long periods and receive limited security updates, making them easy targets for malware.
The attacks are part of a larger trend seen throughout 2025. Cloudflare said the total number of DDoS attacks more than doubled during the year, reaching 47.1 million. Network-layer attacks saw the biggest growth and accounted for most incidents in the final quarter.
Cloudflare’s data also shows a clear and steady rise in the size of DDoS attacks over time. In late 2024, the largest attacks were in the range of 3 to 5 Tbps. By mid-2025, attack sizes had already crossed 10 Tbps. The growth accelerated sharply in the second half of 2025, with multiple attacks breaking previous records within weeks. By November 2025, Cloudflare was blocking attacks close to 30 Tbps, before the 31.4 Tbps record was set. The trend highlights how attackers are scaling faster than before, turning record-breaking DDoS attacks into a frequent event rather than a rare one.
Hyper-volumetric DDoS attacks also became more common. In the fourth quarter of 2025, their number increased by 40 percent compared to the previous quarter. At the same time, attack sizes grew sharply compared to late 2024.
Telecommunications companies were the most targeted sector. Technology, gaming, gambling, and software services were also frequently targeted. These industries are often chosen because even short outages can cause serious disruption.
Cloudflare warned that DDoS attacks are growing faster and more powerful than before. Short and extreme attacks like the 31.4 Tbps incident show why older, on-demand mitigation systems may struggle to keep up.
To stay protected, websites need defenses that can respond instantly. Always-on DDoS protection, traffic filtering at the network edge, and automated mitigation are now important. Relying only on on-demand scrubbing or on-premise systems may no longer be enough. Website owners should also focus on basic security hygiene. This includes keeping servers updated, limiting open ports, rate-limiting APIs, and using content delivery networks that can absorb sudden traffic spikes.
Related Posts
