Massive 31.4 Tbps DDoS attack breaks records: How the 'apex' of botnets could be weaponizing your home devices

Yosi Azwan/iStock /Getty Images Plus

Follow ZDNET: Add us as a preferred source on Google.

ZDNET's key takeaways

• Aisuru smashed previous records with a 31.4 Tbps DDoS attack.
• It appeared to have focused on telecommunications providers.
• Seemingly safe and small devices can be weaponized for massive cyberattacks. 

The Aisuru botnet has reached new heights, breaking previous Distributed Denial-of-Service (DDoS) records with an attack peaking at 31.4 Tbps with 200 million requests per second. 

Also known as Kimwolf, Aisuru is one of the largest botnets currently in existence, powered by an estimated one to four million infected hosts worldwide, including home and consumer devices such as routers and online CCTV systems. 

Its operators scan the web for vulnerable devices, often with exposed ports or default credentials, and infect them to add them to a pool of devices that can be harnessed to launch a tsunami of fake traffic against a target service.

Also: Why the internet kept breaking and taking down your favorite sites in 2025

Cloudflare dubbed Aisuru the "apex of botnets" in its 2025 Q3 DDoS threat report, noting that telecoms firms, gaming companies, hosting providers, ISPs, and financial services are among those commonly targeted. 

This isn't a botnet that belongs exclusively to one threat group. Instead, Aisuru is a botnet-for-hire, with capacity available for between a few hundred and a few thousand dollars.

"Anyone can potentially inflict chaos on entire nations by crippling backbone networks and saturating Internet links, disrupting millions of users and impairing access to essential services," Cloudflare said. 

As reported by Krebs on Security, the botnet is also able to "rent" compromised devices to residential proxy providers, which can then be used for data scraping and even large language model (LLM) training for AI projects. According to Netscout, Aisuru "incorporates additional dedicated DDoS attack capabilities and multi-use functions, enabling both DDoS attacks and other illicit activities such as credential stuffing, AI-driven web scraping, spamming, and phishing."

Past DDoS records

The latest attack, recorded and mitigated by Cloudflare on Dec. 19, reached a peak of 31.4 Tbps and 200 million requests per second. Cloudflare called the DDoS attack an "unprecedented bombardment" and "the largest attack ever disclosed publicly."

Aisuru accounted for thousands of attacks in 2025 and has now surpassed its previous record of 29.7 Tbps. 

Why does Aisuru matter?

When a Distributed Denial-of-Service (DDoS) attack is so powerful that it overwhelms a service with fraudulent traffic, it denies legitimate visitors access, and so DDoS incidents tend to make the headlines only when a popular online service or resource is disrupted. 

Over 47 million DDoS attacks were recorded in 2025, representing a 121% year-over-year increase.

It's to Cloudflare's credit that even this hyper-volumetric attack was automatically detected and dealt with, and so we didn't even notice. However, Aisuru's attack is notable for highlighting the potential for exponential growth in this botnet's future, as well as the growing power and attack capabilities of DDoS botnets overall. 

Furthermore, the majority of Aisuru's power stems from compromised consumer devices we frequently use at home, including routers and Internet of Things (IoT) devices. Aisuru's recent weaponization of Android TV devices is a troubling trend, with who knows what other home products destined to be added to the botnet's future pool. 

Aisuru is another reminder to keep your electronics' firmware and apps updated, and serves as a warning to manufacturers that are still shipping products with lax or no security. 

Internet disruptions

Cloudflare also reported over 180 significant internet disruptions in 2025. In Q4 2025, only one major outage was directed by a government -- a country-wide shutdown during protests in Tanzania -- whereas others were caused by power outages, cable damage, extreme weather events, ongoing conflict, and technical issues. 

For example, a massive outage that took thousands of online services offline in October was caused by a DNS failure in AWS's US-East-1 region. 

The Aisuru botnet's record-breaking size might not mean much to people in numerical terms, but when you view it alongside the recent wave of outages, as outlined by Cloudflare, it does highlight the need for ongoing digital infrastructure protection -- especially when you consider how heavily our economies and societies now depend on reliable connectivity.