Add Techlomedia as a preferred source on Google.
Microsoft has confirmed that its Azure cloud network was recently hit by one of the largest DDoS attacks ever recorded. The attack peaked at 15.72 terabits per second and came from more than 500,000 IP addresses, all controlled by the growing Aisuru botnet.
According to Microsoft, the attack used extremely high-rate UDP floods and targeted a single public IP address in Australia. At its peak, the attack reached 3.64 billion packets per second, which is an enormous amount of traffic for any system to handle. Azure Security senior product marketing manager Sean Whalen said the Aisuru botnet was behind the attack. He explained that Aisuru is a Turbo Mirai-class IoT botnet known for launching record-breaking attacks by exploiting vulnerable home routers and cameras across several countries.
What makes this attack interesting is how it was structured. The UDP bursts had almost no source spoofing, and the botnet used random source ports. This made it easier for security teams to trace the attack back to its origin and allowed internet providers to block malicious traffic more effectively.
This is not the first time Aisuru has made headlines. Cloudflare linked the same botnet to a record-breaking 22.2 Tbps DDoS attack that peaked at 10.6 billion packets per second. That attack happened in September 2025 and lasted just 40 seconds. Even though it was short, Cloudflare said the attack generated enough traffic to match the load of streaming one million 4K videos at the same time.
Just one week before that, cybersecurity researchers at Qi’anxin’s XLab also reported an 11.5 Tbps attack tied to Aisuru. At that time, the botnet was controlling around 300,000 infected devices. Its size grew rapidly in April 2025 after its operators breached a TotoLink router firmware update server. That incident allowed them to infect about 100,000 new devices in one go.
The botnet mainly takes advantage of vulnerabilities in IP cameras, DVRs, NVRs, Realtek chipsets, and routers sold by companies such as T-Mobile, Zyxel, D-Link, and Linksys. Because these devices are used in homes around the world, they offer a huge attack surface for criminals who want to build powerful networks of infected machines.
Aisuru’s impact has not been limited to DDoS attacks. Earlier this month, journalist Brian Krebs reported that Cloudflare removed several domains linked to the botnet from its public “Top Domains” list. These domains were sending massive amounts of bad DNS traffic to Cloudflare’s 1.1.1.1 DNS service, which pushed them above major websites like Amazon, Microsoft, and Google in query volume. Cloudflare CEO Matthew Prince confirmed that the botnet was trying to artificially boost the popularity of its domains while also disrupting trust in the rankings. To prevent similar issues in the future, Cloudflare has begun redacting or hiding suspicious domains.
Cloudflare’s 2025 Q1 DDoS report also shows how serious the situation has become. The company said it handled a 198% quarter-over-quarter rise in DDoS attacks and a 358% increase compared to the previous year. In total, Cloudflare blocked 21.3 million DDoS attacks aimed at its customers in 2024, plus another 6.6 million attacks targeting its own systems during an 18-day multi-vector campaign.
The Aisuru botnet continues to grow in size and capability, and the latest Azure attack shows how dangerous these compromised IoT devices have become. As more home devices come online, attackers are gaining access to a larger pool of potential bots, making the scale of future attacks even more unpredictable.
Follow Techlomedia on Google News to stay updated. 
Affiliate Disclosure:
This article may contain affiliate links. We may earn a commission on purchases made through these links at no extra cost to you.
