Defending the cloud: Azure neutralized a record-breaking 15 Tbps DDoS attack | Microsoft Community Hub

On October 24, 2025, Azure's DDoS Protection service detected and successfully mitigated an unprecedented multi-vector distributed denial-of-service (DDoS) attack that peaked at 15.72 terabits per second (Tbps) and nearly 3.64 billion packets per second (pps). This massive assault targeted a singular endpoint located in Australia, marking it as the largest DDoS attack ever recorded in a cloud environment. Leveraging Azure’s extensive globally distributed DDoS Protection infrastructure and its continuous monitoring capabilities, the system automatically initiated mitigation measures to filter and redirect the malicious traffic, ensuring uninterrupted service availability for customer workloads despite the onslaught. The attack was orchestrated by the Aisuru botnet, a Turbo Mirai-class Internet of Things (IoT) botnet known for launching record-breaking DDoS attacks. This botnet exploits compromised home routers and cameras, mainly within residential internet service providers across the United States and other countries. The assault involved extremely high-rate UDP (User Datagram Protocol) floods aimed at a specific public IP address. The attack traffic originated from over 500,000 unique source IP addresses spread across various regions, with minimal source IP spoofing and randomized source ports. This particular tactic not only increased the attack’s intensity but also facilitated network providers’ efforts to trace the attack back to its sources and enforce countermeasures effectively. As internet speeds continue to climb, especially with the expansion of fiber-to-the-home services, and IoT devices become more powerful and widespread, the baseline scale for potential attacks grows accordingly. This incident highlights how attackers are scaling their capabilities in parallel with advancements in internet infrastructure. With the holiday season approaching—a period notorious for increased cyber threats—it’s crucial for organizations to confirm that all internet-facing applications and workloads are sufficiently safeguarded against DDoS attacks. Waiting for an actual attack to test your defenses is a risky gamble; instead, regular simulations and proactive testing should be implemented to identify vulnerabilities and ensure operational readiness. Azure’s response to this record-breaking attack demonstrates the effectiveness of their globally distributed and automated protection system. The continuous detection mechanism allowed for swift identification and containment of malicious traffic without impacting legitimate customer services. The use of multi-vector mitigation strategies, including filtering high-rate UDP floods and redirecting traffic, showcases how cloud providers must adapt to handle evolving DDoS tactics. Such attacks not only threaten service availability but can also disrupt business operations and erode customer trust if improperly managed. Ultimately, this event serves as a stark reminder of the growing scale and sophistication of cyber threats in the cloud era. Organizations worldwide must stay vigilant, continuously update their security postures, and invest in robust DDoS protection technologies. By doing so, they can better defend against increasingly aggressive botnets like Aisuru and maintain reliable service availability even under extreme attack conditions.