Azure DDoS Attack: 15 Tbps Hit by 500,000 IPs
Microsoft Hit by 15.72 Tbps DDoS Attack from Aisuru Botnet
Microsoft has revealed it was targeted by a massive Distributed Denial of Service (DDoS) attack reaching 15.72 terabits per second (Tbps), originating from the Aisuru botnet. The attack, launched from over 500,000 IP addresses, utilized extremely high-rate UDP floods targeting a specific public IP address in Australia, peaking at nearly 3.64 billion packets per second (bpps).
Key takeaways:
* Aisuru Botnet: This is a “Turbo Mirai-class” IoT botnet known for record-breaking DDoS attacks. It compromises home routers and cameras, primarily within residential ISPs in the US and other countries.
* Attack Details: The attack involved UDP floods with minimal source spoofing and random source ports, simplifying traceback and enforcement by internet service providers.
* Recent Activity: This is not an isolated incident.
  * Cloudflare mitigated a 22.2 Tbps attack linked to Aisuru in September 2025.
  * Qi’anxin’s XLab attributed an 11.5 Tbps attack to Aisuru just a week prior.
* Compromised Devices: Aisuru exploits vulnerabilities in IP cameras, DVRs/NVRs, Realtek chips, and routers from brands like T-Mobile, Zyxel, D-Link, and Linksys. The botnet significantly expanded in April 2025 after a breach of a TotoLink router firmware update server, infecting roughly 100,000 devices.
* DNS Manipulation: Aisuru’s operators have been deliberately flooding Cloudflare’s DNS, causing botnet-related domains to overtake legitimate sites like Amazon, Microsoft, and Google in DNS query volume, leading to their removal from Cloudflare’s “Top Domains” list.
Sources:
* BleepingComputer – Cloudflare 22.2 Tbps Attack
* Qi’anxin XLab – Aisuru Botnet
