Jump to content
Login new information ×
Login new information
  • Security & Privacy News

    Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attack

    Karlston

    By Karlston,
    Published Date:

    • 473 views
    • 2 minutes
     Share
    • 473 views
    • 2 minutes

    Cloudflare has mitigated a distributed denial-of-service (DDoS) attack that peaked at a record-breaking 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps).

     

    DDoS attacks typically exhaust either system or network resources, aiming to make services slow or unavailable to legitimate users.

     

    Record-breaking DDoS attacks are becoming more frequent, as just three weeks ago, Cloudflare disclosed that it mitigated a massive 11.5 Tbps and 5.1 Bpps attack, the largest publicly announced at the time.

     

    Two months before that, the company dealt with another ecord attack that peaked at 7.3 Tbps. In April, the internet giant warned that it was dealing with a record number of DDoS attacks this year.

     

    The latest DDoS incident, also volumentric, lasted 40 seconds and is by far the largest ever mitigated.

    Diagram of the attack
    Diagram of the record-breaking attack
    Source: Cloudflare

    Despite the short assault period, the volume of traffic directed at the victim was enormous, roughly equivalent to streaming one million 4K videos simultaneously.

     

    The packet rate of 10.6 Bpps can be translated to roughly 1.3 web page refreshes per second from every person on the planet.

     

    The large volume of packets makes it particularly difficult for firewalls, routers, and load balancers to process the requests, even if the total bandwidth is manageable.

     

    Although Cloudflare has not shared many details about the last two DDoS attacks, XLab research division at Chinese cybersecurity company Qi'anxin attributed an 11.5 Tb DDoS attack to the AISURU botnet.

     

    According to the researchers, AISURU has infected more than 300,000 devices worldwide, with a sudden increase occuring in April 2025 after the compromise of a Totolink router firmware update server.

     

    The botnet also targets vulnerabilities in IP cameras, DVRs/NVRs, Realtek chips, and routers from T-Mobile, Zyxel, D-Link, and Linksys.

     

    Source

    Hope you enjoyed this news post. Feedback welcome.

    Posted Wednesday 24 September 2025 at 5:12 am AEST (my time).

    News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of August): 4,048

    RIP Matrix

     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...