Cloudflare has mitigated the largest distributed denial-of-service (DDoS) attack ever reported. The attack peaked at 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps).
The assault lasted just 40 seconds, but the volume of traffic was massive. To put it in perspective, it was equal to streaming one million 4K videos at the same time. The packet rate alone was enough to flood firewalls and routers, with the equivalent of 1.3 web page refreshes per second from every person on Earth.
This is not the first time Cloudflare has had to deal with attacks of this scale. Only three weeks ago, the company disclosed another attack that reached 11.5 Tbps. Two months before that, it faced one at 7.3 Tbps. The steady rise shows how quickly attackers are scaling their operations.
While Cloudflare has not confirmed the source of the latest incident, researchers at Qi’anxin recently linked a previous 11.5 Tbps attack to the AISURU botnet. This botnet is believed to control more than 300,000 devices worldwide. It spreads by exploiting weaknesses in routers, IP cameras, DVRs, Realtek chips, and devices from brands like Zyxel, D-Link, and Linksys.
According to Qi’anxin, the surge in AISURU activity began in April 2025 after attackers compromised a Totolink router firmware update server. By poisoning the update supply chain, they gained control over large numbers of consumer devices, later weaponizing them in high-scale DDoS campaigns.
DDoS attacks work by flooding systems or networks with traffic, making them slow or unavailable to real users. Even short bursts can cause downtime for critical services if defenses are not in place. What is alarming about this attack is the speed of its growth — each new one breaks the record set only weeks earlier.
The 22.2 Tbps attack shows that attackers are becoming more efficient in harnessing vulnerable devices for destructive traffic floods. With the rise of insecure IoT hardware and supply chain compromises, the problem is unlikely to slow down. For businesses and infrastructure providers, the key lesson is clear: large-scale DDoS attacks are no longer rare events, but an expected part of today’s threat landscape.
