Record-Breaking DDoS Attacks Mark 2025 Q3 as Aisuru Botnet Emerges

The Aisuru botnet dominated the DDoS threat landscape in Q3 2025, commanding an army of 1-4 million infected devices and launching unprecedented attacks that peaked at 29.7 Tbps and 14.1 billion packets per second^[1]. Cloudflare’s autonomous systems blocked 8.3 million DDoS attacks during the quarter, averaging 3,780 attacks per hour - a 15% increase from Q2 and 40% year-over-year^[1:1].

The Rise of Aisuru

The botnet targeted telecommunications providers, gaming companies, hosting providers, and financial services, causing widespread Internet disruption even when organizations weren’t direct targets^[1:2]. Parts of Aisuru are now offered as botnets-for-hire, enabling attackers to “inflict chaos on entire nations” for just hundreds to thousands of dollars^[1:3].

Attack Statistics

• 1,304 hyper-volumetric attacks in Q3 alone (54% increase from Q2)
• Attacks over 100 million packets per second up 189%
• Attacks exceeding 1 Tbps increased 227%
• 4% of HTTP attacks exceeded 1 million requests per second^[2]

Industry Impacts

DDoS attacks against AI companies surged 347% month-over-month in September 2025, coinciding with increased public concern over AI risks^[1:4]. The Mining, Minerals & Metals industry jumped 24 spots in target rankings amid EU-China tensions over rare earth minerals and EV tariffs^[1:5].

Geographic Trends

Indonesia maintained its position as the leading source of DDoS attacks globally, holding the top spot for a full year. The country’s share of HTTP DDoS attack traffic has grown by 31,900% since 2021^[1:6].

Attack Types

UDP floods led network-layer attacks with a 231% quarterly increase, followed by DNS floods, SYN floods, and ICMP floods^[1:7]. Nearly 70% of HTTP DDoS attacks came from known botnets, with 20% originating from fake or headless browsers^[1:8].