‘Largest-ever’ cloud DDoS attack pummels Azure with 3.64B packets per second

Summary

Microsoft says that on 24 October Azure automatically detected and mitigated what it calls the largest cloud-based DDoS attack: a 15.72 Tbps flood delivering nearly 3.64 billion packets per second to a single endpoint in Australia. The attack was attributed to the Mirai-derived Aisuru botnet, which used over 500,000 source IPs (mainly compromised home routers and cameras). Microsoft reports no customer service interruptions because its DDoS protection neutralised the traffic surge.

Key Points

  • Azure faced a 15.72 Tbps UDP flood — about 3.64 billion packets per second — on 24 October.
  • The attack targeted one Australian endpoint and came from 500,000+ source IPs, mainly IoT devices.
  • Aisuru, a Mirai-based botnet active since 2024, is the suspected actor and has been growing in capacity.
  • Microsoft’s cloud DDoS protection auto-detected and mitigated the event with no reported customer impact.
  • Industry telemetry (e.g. Cloudflare) shows a broader rise in DDoS activity; attackers are scaling with the internet.

Content summary

On 24 October, Azure’s DDoS protection service auto-detected an enormous UDP flood hitting a single endpoint in Australia. Microsoft says the attack measured 15.72 Tbps and peaked at nearly 3.64 billion packets per second. The traffic originated from more than half a million IP addresses — primarily compromised consumer routers and cameras — and has been linked to the Aisuru botnet, a Mirai descendant that has been responsible for multiple record-setting attacks since its emergence in 2024. Microsoft reported no service interruptions thanks to automated mitigation. Observers note Aisuru’s capabilities have been increasing (Netscout warned of >20 Tbps potential), and broader industry reports show DDoS incidents rising year over year.

Context and Relevance

This incident underlines how rapidly DDoS attack scale is growing and why robust, automated cloud mitigation is essential. Network teams, cloud architects and CISOs should note three things: the continuing vulnerability of consumer IoT devices as botnet fodder; the necessity for scalable network defences that can handle multi‑Tbps floods; and the operational impact of attacks that target single endpoints to attempt service disruption or ancillary effects like DNS ranking manipulation. The episode also ties into a wider trend: providers such as Cloudflare have reported significant year-on-year increases in attack volumes.

Why should I read this?

Because if you run services on the internet, this is exactly the kind of nightmare you want to learn from — massive packet floods, IoT botnets, and the need for proper automated defences. It shows how nasty and noisy modern DDoS is getting, and why leaving defences to chance isn’t an option.

Author style

Punchy. This is important — huge scale, real-world mitigation, and a clear sign the threat is escalating. If your role touches networking, cloud availability or incident response, dig into the detail.

Source

Source: https://go.theregister.com/feed/www.theregister.com/2025/11/17/biggest_cloud_ddos_attack_azure/