Microsoft has confirmed that Azure DDoS Protection stopped what is now considered the largest cloud-based DDoS attack ever recorded. The incident took place on October 24, 2025, when Azure systems detected a multi-vector assault that peaked at 15.72 Tbps and nearly 3.64 billion packets per second. The attack targeted a single public endpoint in Australia, yet Azure’s global filtering network kept services online throughout the event.
According to Microsoft’s report, the attack originated from the Aisuru botnet, a Turbo Mirai class network made up of compromised home routers and internet-connected cameras.
The botnet launched massive UDP floods from more than 500,000 IP addresses. The traffic included little spoofing and used random source ports, which Microsoft says helped simplify traceback efforts.
Security researchers noted that the scale of the attack shows how quickly DDoS capabilities are growing. As high-speed home fiber becomes more common and IoT devices gain more processing power, attackers have more bandwidth and stronger tools at their disposal, pushing attack sizes higher each year.
With the holiday period approaching, a time when DDoS attacks often become more frequent, Microsoft is urging organizations to review their defenses. The company advises ensuring that all internet-facing systems and workloads are adequately protected against increasingly powerful DDoS campaigns.