Microsoft Azure Blocks Record 15.72 Tbps DDoS Attack Originating from 500,000 IoT Devices

Azure Thwarts Record-Breaking 15.72 Tbps DDoS Attack from 500,000+ Devices

In a significant cybersecurity event, Microsoft Azure successfully mitigated one of the largest distributed denial-of-service (DDoS) attacks ever recorded in the cloud. On October 24, 2025, the attack peaked at an unprecedented 15.72 terabits per second (Tbps) and generated nearly 3.64 billion packets per second (pps), targeting a single endpoint in Australia.

Azure’s automated DDoS Protection service promptly identified and neutralized the malicious traffic, ensuring uninterrupted service for the affected customer. The attack persisted for several hours, originating from the notorious Aisuru botnet, a variant of the Turbo Mirai-class malware. This botnet primarily infects vulnerable Internet of Things (IoT) devices, such as home routers and security cameras, transforming them into a massive network of compromised devices.

In this instance, the Aisuru botnet mobilized over 500,000 unique source IP addresses across residential internet service providers (ISPs) in the United States and other regions. The attack employed high-rate User Datagram Protocol (UDP) floods targeting a specific public IP address, utilizing minimal source IP spoofing and randomized ports to evade detection and traceback.
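As an added illustration (not code from Microsoft or from this article), the traffic traits described above, a UDP flood on one public IP address from a very large number of largely unspoofed sources with randomized ports, can be turned into a simple per-destination check over flow records. The record layout, thresholds, and sample addresses are assumptions constructed for the example, as is the choice to measure port spread on destination ports.

```python
import math
import random
from collections import defaultdict

# Illustrative thresholds (assumptions, not values from the article).
PPS_THRESHOLD = 1000     # UDP packets per second toward one destination
SOURCE_THRESHOLD = 200   # distinct source IPs seen in the window


def port_entropy(port_packets):
    """Shannon entropy in bits of the packet distribution across ports."""
    total = sum(port_packets.values())
    return sum((n / total) * math.log2(total / n) for n in port_packets.values())


def summarize_udp(flows, window_s):
    """Aggregate (src, dst, proto, dport, packets) records per destination IP."""
    agg = defaultdict(lambda: {"packets": 0, "sources": set(), "ports": defaultdict(int)})
    for src, dst, proto, dport, packets in flows:
        if proto != "udp":
            continue
        a = agg[dst]
        a["packets"] += packets
        a["sources"].add(src)
        a["ports"][dport] += packets
    return {
        dst: {
            "pps": a["packets"] / window_s,
            "unique_sources": len(a["sources"]),
            # High entropy means traffic is spread over many ports (triage signal).
            "dport_entropy_bits": round(port_entropy(a["ports"]), 2),
        }
        for dst, a in agg.items()
    }


def flag_floods(stats):
    """Destinations whose UDP rate and source spread both exceed the thresholds."""
    return sorted(dst for dst, s in stats.items()
                  if s["pps"] >= PPS_THRESHOLD and s["unique_sources"] >= SOURCE_THRESHOLD)


def sample_flows(seed=1):
    """Constructed 10-second sample: normal DNS load plus a many-source UDP flood."""
    rng = random.Random(seed)
    normal = [(f"198.51.100.{i}", "192.0.2.53", "udp", 53, 20) for i in range(1, 41)]
    flood = [(f"100.64.{i // 250}.{i % 250}", "192.0.2.10", "udp",
              rng.randrange(1024, 65536), 50) for i in range(500)]
    return normal + flood
```

Because the sources are real, per-source rates can look modest; it is the aggregate rate and source count per destination that stand out.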

Azure’s response leveraged its globally distributed scrubbing centers, which filtered the malicious traffic in real time and redirected clean packets to the intended recipient. A Microsoft spokesperson highlighted the effectiveness of their defense mechanisms, stating, “Our continuous monitoring and adaptive mitigation capabilities were key to neutralizing this unprecedented volume without impacting service.”

This incident surpasses previous record-breaking DDoS attacks, underscoring a concerning trend in the escalation of cyber threats. For instance, in September 2025, Cloudflare reported mitigating a 22.5 Tbps attack fueled by a Mirai derivative infecting smart home devices. Earlier in March 2025, Google Cloud defended against a 10.2 Tbps multi-vector attack originating from Asia-Pacific botnets that combined SYN floods and DNS amplification. In 2024, AWS documented an 8.9 Tbps attack on a U.S.-based e-commerce site, traced to compromised routers in Eastern Europe.

As the holiday shopping season approaches, cybersecurity experts emphasize the importance of bolstering protections for internet-facing applications. Sarah Lin, a threat analyst at a leading security firm, advises, “Don’t wait for an attack to test your resilience. Regular DDoS simulations can expose vulnerabilities in operational readiness, from traffic routing to failover mechanisms.” With botnets like Aisuru growing unchecked, proactive defense remains the only shield against these digital sieges.