A surge of traffic unprecedented to the public internet occurred in November 2025 for thirty five seconds. The acceleration was immediate and absolute, peaking at 31.4 terabits per second before dissipating nearly as quickly as it formed. As the result of the AISURU botnet, also known as Kimwolf, the event demonstrated the use of distributed infrastructure to achieve extreme bandwidth saturation over a short period of time.
Cloudflare has released findings indicating that the incident was the largest distributed denial of service attack disclosed to date as well as contributing to an overall rise in hyper volumetric HTTP DDoS activity observed during the year 2025. In contrast to being an isolated outlier, the November spike is associated with a sustained upward trend in both the scale and operational speed of large-scale DDoS campaigns.
Throughout the year, Cloudflare’s telemetry indicated significant increases in attack frequency and intensity, culminating in a sharp increase in hypervolumetric incidents during the fourth quarter. There has been an increase in observed attack sizes by more than 700 percent since late 2024, reflecting a significant change in bandwidth resources and orchestration techniques available to contemporary botnet operators as compared to late 2024.
31.4 Tbps burst was attributed to AISURU Kimwolf infrastructure, which researchers have linked with multiple coordinated campaigns in 2025.
Automated traffic analysis and inline filtering systems helped spot and mitigate the November event, proving how relying on them is becoming more important to combat high speed volumetric floods.
This botnet was also involved in the operation that began on December 19, which has been referred to as The Night Before Christmas.
At the peak of that campaign, attack volumes were measured at approximately 3 billion packets per second, 4 Tbps of throughput, and 54 million HTTP requests per second.
The peak rates were 9 billion packets a second, 24 Tbps, and 205 million requests a second, which shows simultaneous exploitation of application and network layer vectors. These year-end metrics help you understand the operational environment that inspired these campaigns.
According to Cloudflare, DDoS activity increased by 121 percent during 2025, with defensive systems mitigating an average of 5,376 attacks per hour. The number of aggregated attacks exceeded 47.1 million, more than doubling that of the previous year.
It is estimated that 34.4 million network layer attacks took place in the fourth quarter, an increase from 11.4 million in 2024.
These attacks accounted for 78 percent of all DDoS activity. During the last quarter, DDoS incidents increased 31 percent, while year over year, they increased by 58 percent, suggesting a sustained expansion instead of episodic surges.
A distinctive component of that growth curve was hyper volumetric attacks. In the fourth quarter alone, 1,824 such incidents were recorded, as compared to 1,304 recorded in the previous quarter and 717 during the first quarter. As a result, attack volumes increased severalfold within a single annual cycle, and not only the frequency of attacks has increased, but the amplitude has also increased notably.
Combined, the data indicates that the threat landscape has been enhanced by compressed attack windows, increased packet rates, and unprecedented throughput levels, which reinforces concerns that
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: