Microsoft Acknowledges 15.7 Tbps DDoS Assault on Azure

Microsoft disclosed that its Azure cloud network was recently subjected to one of the largest distributed denial-of-service (DDoS) attacks ever documented, peaking at 15.72 terabits per second (Tbps).

The assault, which was specifically aimed at one public IP address located in Australia, was executed using traffic from more than 500,000 hacked devices globally on October 24.

Microsoft states that the attack stemmed from the Aisuru botnet, a rapidly expanding Turbo Mirai-based network of compromised home routers, cameras, and various IoT devices, mainly in residential ISPs across the United States and other nations. The botnet employed remarkably high-rate UDP floods that peaked at almost 3.64 billion packets per second (pps).

"The assault stemmed from the Aisuru botnet," Sean Whalen, Senior Product Marketing Manager for Azure Security, noted in a blog post on Monday. "These abrupt UDP bursts featured little source spoofing and utilized random source ports, making traceback easier and aiding provider enforcement."

A Botnet Responsible for Numerous Record Attacks

Aisuru has rapidly emerged as one of the most dreaded botnets of 2025, participating in a series of increasing attacks. Lately:

Aisuru, as reported by Cloudflare, initiated a 2 Tbps DDoS attack in September that hit 10.6 billion packets per second — although it lasted just 40 seconds, it was strong enough to compare to streaming a million 4K videos simultaneously.

• Qi'anxin, a Chinese cybersecurity company, announced a 5 Tbps attack from the identical botnet just a week prior.

• After attackers breached a TotoLink firmware server update, the botnet expanded, infecting approximately 100,000 devices.

This botnet exploits the weaknesses in IP cameras, DVR/NVR systems, routers from manufacturers such as T-Mobile, Zyxel, D-Link, and Linksys, as well as a range of Realtek-based devices in the US and elsewhere