
Microsoft said today that the Aisuru botnet attacked its Azure network with a 15.72 terabits per second (Tbps) DDoS attack launched from more than 500,000 IP addresses.
The attack used an extremely high-rate UDP flood that targeted a specific public IP address in Australia, reaching approximately 3.64 billion packets per second (pps).
“The attack originated from the Aisuru botnet. Aisuru is a Turbo Mirai-class IoT botnet that causes record-breaking DDoS attacks by exploiting compromised home routers and cameras primarily at residential ISPs in the United States and other countries,” said Sean Whalen, senior product marketing manager at Azure Security.

“These sudden UDP bursts had minimal source spoofing and used random source ports, which helped simplify traceback and facilitate provider enforcement.”
Cloudflare linked the same botnet to a record-breaking 22.2 terabits per second (Tbps) DDoS attack, which reached 10.6 billion packets per second (pps) and subsided in September 2025. The attack only lasted 40 seconds but was equivalent to streaming approximately one million 4K videos simultaneously.
A week earlier, Chinese cybersecurity company Qi’anxin’s
The botnet targets security vulnerabilities in IP cameras, DVRs/NVRs, Realtek chips, and routers from T-Mobile, Zyxel, D-Link, and Linksys. As XLab researchers said, its size suddenly increased in April 2025 when its operators breached the Totolink router firmware update server and infected about 100,000 devices.
Infosec journalist Brian Krebs reported earlier this month that Cloudflare removed several domains associated with the Aisuru botnet from its public “Top Domains” ranking of most-requested websites (based on DNS query volume) after they began overtaking legitimate sites like Amazon, Microsoft, and Google.
The company said that Aisuru’s operators were deliberately flooding Cloudflare’s DNS service (1.1.1.1) with malicious query traffic to increase the popularity of their domains while reducing trust in the rankings. Cloudflare CEO Matthew Prince also confirmed that the botnet’s behavior was seriously distorting the ranking system and said that Cloudflare now removes or completely hides suspected malicious domains to avoid similar incidents in the future.
As Cloudflare revealed in its 2025 Q1 DDoS report in April, it mitigated a record number of DDoS attacks last year with a 198% quarter-on-quarter jump and a massive 358% year-on-year increase.
Overall, it stopped 21.3 million DDoS attacks targeting its customers throughout 2024, as well as another 6.6 million attacks targeting its own infrastructure during an 18-day multi-vector campaign.

