A record breaking DDoS attack that unfolded in late October has renewed concerns about how quickly criminal operators are scaling their operations by tapping into everyday internet devices. Microsoft reported that its Azure DDoS Protection systems intercepted a multi vector attack that peaked at 15.72 Tbps and nearly 3.64 billion packets per second, all aimed at a single public endpoint in Australia. The assault came from the Aisuru botnet, a Mirai based network built out of compromised home routers, cameras, and other small devices that rarely see patches or security reviews.
Investigators who reviewed the incident noted that the most striking part of the attack was not only its size but also the simplicity behind it. More than half a million IP addresses delivered large waves of UDP traffic with almost no spoofing, which made tracing the source more straightforward than in older campaigns.
Even so, the volume was enough to stress parts of the Australian broadband ecosystem and offered another reminder that DDoS operators are learning to take advantage of rising residential fiber speeds and increasingly powerful consumer hardware.
Security analysts say that the October attack did not appear to be an isolated event. Netscout observed similar activity from Aisuru in the same month, including bursts that exceeded 20 Tbps while targeting gaming services and other online platforms. Their research shows that the botnet behaves like a DDoS for hire service and avoids government and military networks, yet broadband providers still reported disruptions caused by customers’ infected routers sending floods upward of 1.5 Tbps.
What stands out about Aisuru is its flexibility. While it can overwhelm networks with UDP, TCP, and GRE floods, its operators also use it for credential stuffing and automated scraping. Much of the traffic even resembles legitimate HTTPS sessions because the botnet routes attacks through residential proxies. Cloudflare previously connected Aisuru to another record setting event, a 22.2 Tbps attack recorded in September.
With holiday traffic approaching, security teams are reviewing their exposure and making sure their public facing services can withstand a new baseline where attacks in the tens of terabits are no longer theoretical.
