Published in News

Aisuru botnet hurls record 15.7 Tbps tantrum at Azure

by on18 November 2025
Aisuru botnet hurls record 15.7 Tbps tantrum at Azure


IoT junk kit gangs up for the biggest cloud-crunching flood yet.

Microsoft engineers said the Aisuru botnet launched a 15.7 Tbps distributed denial-of-service barrage against Azure and sprayed more than 3.6 billion packets per second at one unlucky Australian endpoint.

The assault came from more than 500,000 IP addresses and showed how far today’s compromised home routers and cameras can punch above their weight.

The company said in its report that “On October 24, 2025, Azure DDOS Protection automatically detected and mitigated a multi-vector DDoS attack measuring 15.72 Tbps and nearly 3.64 billion packets per second (pps). This was the largest DDoS attack ever observed in the cloud, and it targeted a single endpoint in Australia.”

It added that “The attack originated from the Aisuru botnet.”

Azure’s global defences filtered the muck and kept services alive while the Turbo Mirai-class botnet hammered away. The traffic mostly used large UDP floods, little spoofing, and a blizzard of random source ports, making it easier for analysts to trace the junk to its source.

Microsoft warned that “Attackers are scaling with the internet itself. As fibre-to-the-home speeds rise and IoT devices get more powerful, the baseline for attack size keeps climbing” before urging users to lock things down as the holiday period looms, their spokesperson said.

Security outfit Netscout claimed the Aisuru botnet fired more than 20 Tbps at gaming targets during October 2025. It uses residential proxies to mimic HTTPS traffic. It relies on compromised consumer routers, CCTV systems, DVRs, and other bargain-bin kits while its operators hunt for new vulnerabilities to swell the ranks.

Researchers said the crew runs a DDoS-for-hire gig that avoids government and military networks. However, broadband providers have been thumped by attacks topping 1.5 Tbps from infected customer devices. Like other Turbo Mirai offshoots, Aisuru includes extra tools that let its minders dabble in credential stuffing, AI-powered scraping, spam and phishing.

Its UDP, TCP and GRE floods use medium-sized packets and randomised ports or flags. More than 1 Tbps from hijacked customer premises equipment has knocked over broadband networks, and 4 Gbps storms have blown out router line cards.

Netscout said Aisuru and other Turbo Mirai-class botnets mostly unleash single-vector, direct-path floods, sometimes teaming up with other hired guns for multi-vector messes. The traffic often mimics normal web requests and uses onboard residential proxies for HTTPS jobs while remaining unspoofed thanks to limited privileges and sloppy source validation on many networks.

Cloudflare linked Aisuru to a 22.2 Tbps attack it squashed in September 2025, which gives a grim hint of where things are heading.

Last modified on 18 November 2025
Rate this item
(0 votes)
Tagged under
More in this category: « Billionaires leg it from Nvidia as AI bubble jitters spike TSMC discovers the American dream costs a fortune »
back to top

Most popular

Latest comments

Read more about: