Botnet Shatters Cyberattack Records

A botnet named Aisuru, also referred to as Kimwolf, has recently achieved an unprecedented milestone in cyber warfare, launching a Distributed Denial-of-Service (DDoS) attack that peaked at an astonishing 31.4 terabits per second (Tbps). This event, recorded on December 19, involved an "unprecedented bombardment" of 200 million requests per second, marking the largest publicly disclosed attack of its kind. Aisuru's immense power stems from an estimated one to four million infected hosts globally, encompassing everyday consumer devices such as routers and online CCTV systems.

The operators of Aisuru actively scan the internet for vulnerable devices, exploiting default credentials and exposed ports to enlist them into the botnet. This botnet-for-hire model allows anyone to rent its capacity, with prices ranging from a few hundred to a few thousand dollars, posing a significant threat to backbone networks and essential services. Aisuru is not limited to DDoS attacks; it also facilitates other illicit activities like credential stuffing, AI-driven web scraping, spamming, and phishing.

Cloudflare's 2025 Q3 DDoS threat report identified Aisuru as the "apex of botnets," commonly targeting telecoms, gaming companies, hosting providers, ISPs, and financial services. The botnet surpassed its previous record of 29.7 Tbps, with over 47 million DDoS attacks recorded in 2025, a 121% increase year-over-year. This exponential growth in botnet power underscores the critical need for robust digital infrastructure protection, especially given global economies' heavy reliance on stable connectivity.