Aisuru Botnet Shatters Records with 31.4 Tbps DDoS Attack

Source: BleepingComputer

The Aisuru/Kimwolf botnet has shattered previous records with a devastating distributed denial of service (DDoS) attack that peaked at 31.4 Tbps and 200 million requests per second, the largest DDoS attack ever publicly disclosed.

The Night Before Christmas Campaign

Cloudflare detected and mitigated this unprecedented attack on December 19, 2025, naming it “The Night Before Christmas” campaign. The attack targeted multiple telecommunications service providers and IT organizations in what Cloudflare described as an “unprecedented bombardment.”

This latest attack surpasses Aisuru’s own previous record of 29.7 Tbps and dwarfs another attack that Microsoft attributed to the same botnet, which peaked at 15.72 Tbps and used 500,000 IP addresses.

Attack Characteristics

Key statistics from the campaign:

  • Peak bandwidth: 31.4 Terabits per second
  • Peak request rate: 200 million requests per second
  • Attack duration: Most attacks lasted 1-2 minutes (only 6% lasted longer)
  • Attack size distribution: 90% peaked between 1-5 Tbps
  • Packet rate: ~94% ranged from 1-5 billion packets per second
  • Attack source: Compromised Android TV devices

Despite the massive scale, Cloudflare reports that all attacks were detected and mitigated automatically without triggering internal alerts, a testament to modern DDoS mitigation capabilities.

2025 DDoS Landscape

Cloudflare’s 2025 Q4 DDoS Threat Report reveals alarming trends:

  • 121% increase in DDoS attacks compared to 2024
  • 47.1 million total DDoS incidents in 2025
  • 5,376 attacks per hour mitigated on average
  • 600% increase in network-layer attacks exceeding 100 Mpps
  • 65% QoQ increase in attacks larger than 1 Tbps

Top Attack Sources and Targets

The largest attack sources were Bangladesh, Ecuador, and Indonesia, with Argentina jumping to fourth place while Russia dropped to tenth. Most targeted countries included China, Hong Kong, Germany, Brazil, and the United States.

Industries most affected in Q4 2025 were telecommunications, IT services, gambling/casinos, and gaming companies.

Key Takeaways

The Aisuru botnet’s evolution from compromised IoT devices and routers to now leveraging Android TV devices demonstrates the expanding attack surface available to threat actors. Organizations should ensure robust DDoS protection is in place and monitor for compromised devices on their networks that could be contributing to these massive botnets.
