Cloudflare Blocks Massive 22.2 Tbps DDoS Attack Twice As Big As Anything Seen Before

Hackers are keeping Cloudflare busy these days with increasingly bigger distributed denial of service (DDoS) attacks at an alarmingly frenetic pace. In a post on X, Cloudflare said its cybersecurity mechanisms autonomously blocked a gargantuan DDoS attack that peaked at 22.2 Tbps, which is "twice as large as anything seen on the internet before."

A DDoS attack of that magnitude is alarming in and of itself, but what adds to the concern is how frequently hackers and botnets are reaching new heights. To wit, Cloudflare mitigated an 11.5 Tbps attack just three weeks ago, which at the time was the largest ever seen. And back in June of this year, Cloudflare thwarted a 7.3 Tbps attack that—you guessed it—was also a record.
Cloudflare attributed the 11.5 Tbps attack from earlier this month to a combination of several IoT and cloud providers and confirmed that Google Cloud was one of the sources, albeit not the majority one. It also said its defenses had been "working overtime" in the weeks leading up to the peak. The takeaway from our perspective is that everyone should be locking down their IoT devices wherever possible, as the default security mechanisms can sometimes be easy pickings for hackers.

As for the more recent record-breaking DDoS attack, Cloudflare has not yet provided any details beyond the above graph, which shows that it lasted for around 40 seconds. However, XLab researchers at Chinese cybersecurity company Qi-anxin said a botnet named AISURU was the culprit. According to XLab, AISURU previously launched DDoS attacks against the digital platform for the popular video game Black Myth: Wukong.

"Since March of this year, XLab's Cyber Threat Insight and Analysis System (CTIA) has continuously captured new samples of the botnet. Multiple sources indicate the group allegedly compromised a router firmware update server in April and distributed malicious scripts to expand the botnet. The node count is currently reported to be around 300,000," XLab stated in a blog post (as spotted by Bleeping Computer).

XLab also posted a list of vulnerabilities that the AISURU botnet is known to compromise. It includes various routers, DVR platforms, IP cameras, and more. As such, our advice remains the same—be sure to keep your router and IoT devices updated with the latest security patches and firmware.

Top images courtesy of Cloudflare (B-roll asset)