Microsoft Azure Fends Off 15.72 Tbps DDoS Attack from Aisuru Botnet


Microsoft today confirmed that its Azure cloud network was the target of a colossal Distributed Denial of Service (DDoS) attack, reaching an astounding 15.72 terabits per second (Tbps). This massive cyberassault was orchestrated by the notorious Aisuru botnet, deploying an army of over 500,000 compromised IP addresses.

Anatomy of a Record-Breaking Assault

The attack, which primarily struck a specific public IP address located in Australia, utilized extremely high-rate UDP floods. These aggressive bursts of traffic generated nearly 3.64 billion packets per second (Bpps), aiming to overwhelm Azure’s defenses. According to Sean Whalen, Azure Security senior product marketing manager, the minimal source spoofing and random source ports employed during these sudden UDP bursts paradoxically aided in tracing the attack’s origin and facilitating enforcement measures.
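As an added illustration (not code from the article, Microsoft or Azure), the following Python scans constructed flow records for the traffic pattern described above: a per-destination UDP packet rate far above baseline combined with randomized source ports. Because the sources are largely unspoofed, each flagged window also yields the source addresses an operator would hand to enforcement; all addresses, rates and thresholds are invented for the example.

```python
from collections import defaultdict
from math import log2
import random

# Constructed flow records: (epoch_seconds, src_ip, src_port, dst_ip, dst_port, proto, packets).
# They mimic sudden UDP bursts with random source ports and little spoofing; every
# address, port and packet count below is invented for this example.
random.seed(1)
TARGET = "203.0.113.10"          # documentation address standing in for the attacked IP
BOTS = [f"198.51.100.{i}" for i in range(1, 41)]
FLOWS = []
for t in (100, 101):             # two one-second windows of burst traffic
    for bot in BOTS:
        FLOWS.append((t, bot, random.randint(1024, 65535), TARGET, 443, "udp", 25_000_000))
# Background traffic that must not trigger: low rate, fixed source port.
for t in range(100, 110):
    FLOWS.append((t, "192.0.2.7", 53, TARGET, 53, "udp", 2_000))

def port_entropy(ports):
    """Shannon entropy (bits) of the source-port distribution; high when ports are random."""
    n = len(ports)
    counts = defaultdict(int)
    for p in ports:
        counts[p] += 1
    return -sum(c / n * log2(c / n) for c in counts.values())

def detect_udp_bursts(flows, pps_threshold=100_000_000, min_entropy=3.0):
    """Group UDP flows by (destination, one-second window); flag windows whose packet
    rate exceeds pps_threshold while source ports look random. Returns a list of dicts."""
    windows = defaultdict(list)
    for ts, src, sport, dst, dport, proto, pkts in flows:
        if proto == "udp":
            windows[(dst, int(ts))].append((src, sport, pkts))
    alerts = []
    for (dst, sec), entries in sorted(windows.items()):
        pps = sum(p for _, _, p in entries)
        ent = port_entropy([sp for _, sp, _ in entries])
        if pps >= pps_threshold and ent >= min_entropy:
            per_src = defaultdict(int)         # unspoofed sources: useful for enforcement
            for src, _, p in entries:
                per_src[src] += p
            alerts.append({"dst": dst, "second": sec, "pps": pps,
                           "port_entropy": round(ent, 2),
                           "sources": sorted(per_src, key=per_src.get, reverse=True)})
    return alerts

if __name__ == "__main__":
    for a in detect_udp_bursts(FLOWS):
        print(f"{a['dst']} t={a['second']} {a['pps']/1e9:.2f} Bpps entropy={a['port_entropy']} sources={len(a['sources'])}")
```

Real deployments would read NetFlow/IPFIX or cloud flow logs and tune the thresholds to the destination's normal UDP baseline.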

The Aisuru Botnet: A “Turbo Mirai-Class” Threat

The perpetrator, the Aisuru botnet, has been identified as a “Turbo Mirai-class IoT botnet.” This sophisticated network of compromised devices frequently achieves record-breaking DDoS attacks by exploiting security vulnerabilities in home routers and cameras. Its origins are primarily traced to residential ISPs across the United States and other regions.

Aisuru’s record-setting attacks are not new. Cybersecurity firm Cloudflare previously linked the same botnet to a staggering 22.2 Tbps DDoS attack in September 2025, which also set a record with 10.6 billion packets per second (Bpps). Though that particular incident lasted only 40 seconds, its intensity was likened to streaming one million 4K videos simultaneously. Earlier that same month, the XLab research division of Chinese cybersecurity company Qi’anxin attributed another significant 11.5 Tbps DDoS attack to Aisuru, estimating its control over approximately 300,000 bots at that time.

Evolution and Exploitation Tactics

The Aisuru botnet strategically targets known security vulnerabilities in various internet-connected devices, including:

  • IP cameras
  • DVRs/NVRs (Digital/Network Video Recorders)
  • Realtek chips
  • Routers from manufacturers like T-Mobile, Zyxel, D-Link, and Linksys

XLab researchers highlighted a significant surge in the botnet’s size in April 2025. This expansion occurred after its operators successfully breached a TotoLink router firmware update server, leading to the infection of approximately 100,000 additional devices.

Manipulating Internet Rankings and Broader DDoS Trends

Beyond direct attacks, Aisuru’s operators have demonstrated a penchant for manipulating internet statistics. Infosec journalist Brian Krebs recently reported that Cloudflare was compelled to remove several domains linked to the Aisuru botnet from its public “Top Domains” rankings. These rankings, based on DNS query volume, were being deliberately skewed as Aisuru’s operators flooded Cloudflare’s DNS service (1.1.1.1) with malicious query traffic. This tactic aimed to artificially boost their domains’ popularity and undermine trust in the ranking system. Cloudflare CEO Matthew Prince confirmed this distortion, stating that suspected malicious domains are now redacted or completely hidden to prevent future manipulation.

This incident underscores a broader trend in the escalating landscape of cyber threats. Cloudflare’s 2025 Q1 DDoS Report revealed a record number of DDoS attacks mitigated in 2024, marking a 198% quarter-over-quarter jump and a massive 358% year-over-year increase. In total, the company blocked 21.3 million DDoS attacks targeting its customers last year, alongside an additional 6.6 million attacks aimed at its own infrastructure during an 18-day multi-vector campaign.

The sustained and sophisticated attacks by botnets like Aisuru highlight the critical need for robust cybersecurity defenses and continuous vigilance against evolving digital threats.
