Cloudflare has successfully blocked the largest DDoS attack ever recorded, peaking at a staggering 22.2 terabits per second, without any service disruption.
Quick Summary – TLDR:
- Cloudflare mitigated a 22.2 Tbps DDoS attack, the largest in history
- The attack lasted only 40 seconds but reached 10.6 billion packets per second
- AI-powered autonomous systems detected and neutralized the threat in real time
- The attack may be tied to the evolving AISURU botnet, which is believed to control over 300,000 infected devices
What Happened?
Cloudflare announced it had autonomously mitigated the largest DDoS attack ever recorded, absorbing a peak of 22.2 terabits per second and 10.6 billion packets per second. Lasting just 40 seconds, the record-breaking incident underscores the alarming rise of hyper-volumetric cyberattacks and the growing need for real-time, automated defenses.
Cloudflare just autonomously blocked hyper-volumetric DDoS attacks twice as large as anything seen on the Internet before — peaking at 22.2 Tbps & 10.6 Bpps. Can your mitigation provider’s scrubbing capacity handle that scale?
— Cloudflare (@Cloudflare) September 22, 2025
The Largest DDoS Attack Yet
This massive attack more than doubled the previous record of 11.5 Tbps set just weeks prior in early September. Unlike earlier DDoS events that lasted longer, this was a “hit-and-run” style assault, lasting only 40 seconds. The goal of such attacks is to overwhelm systems before defenses can even activate.
- Previous records: 11.5 Tbps (September), 7.3 Tbps (June)
- June’s attack: Equaled 37.4 TB of data in just 45 seconds
- Comparison: Equivalent to streaming over 9,000 HD movies simultaneously
The attack was also multi-vector, using various techniques to maximize impact. These types of attacks typically come from large botnets made up of compromised routers, IoT devices, and enterprise systems.
Cloudflare’s Real-Time Response
Cloudflare’s systems detected and blocked the attack autonomously, without any human intervention. This incident highlights a major evolution in cybersecurity: machine-speed threats now require machine-speed defenses.
- Cloudflare used its global network to stop the attack at the edge, near its source.
- Legacy mitigation methods relying on manual intervention or “scrubbing centers” would likely have failed.
- Services remained online and unaffected during the entire event.
Cloudflare emphasized the importance of network capacity and automated threat detection in withstanding modern attacks of this magnitude.
Who Was Behind It?
While Cloudflare has not confirmed the source, the scale and complexity resemble patterns seen in attacks linked to the AISURU botnet, a powerful DDoS and proxy network. AISURU was previously associated with the 11.5 Tbps attack, and is believed to control over 300,000 infected devices.
This botnet is known to exploit unpatched routers and outdated firmware, with a footprint that includes devices from brands like Totolink, Cambium, and Zyxel. AISURU has also been evolving toward monetized proxy services, making it both a DDoS engine and a commercial tool for other malicious actors.
How to Stay Protected?
As attackers continue to scale their efforts, Cloudflare recommends the following best practices for internet users and businesses:
- Update router firmware regularly.
- Replace end-of-life devices with ones that receive security updates.
- Disable remote administration and WAN access if not essential.
- Change default passwords to strong, unique credentials.
SQ Magazine Takeaway
I’ve covered many DDoS attacks over the years, but this one genuinely stands out. It’s not just the size that’s shocking, it’s the fact that something this huge can be thrown at a system and blocked without a hiccup. That tells you how critical automated, AI-driven cybersecurity is today. If your infrastructure still relies on traditional defenses, you are playing a dangerous game. The future of cyber defense isn’t just about having strong walls, it’s about having smart ones that act instantly. Cloudflare just set the new bar.