Wednesday , July 1 2026
31.4

Aisuru botnet hits record 31.4 Tbps DDoS attack breaks new world record

The Aisuru/Kimwolf botnet launched the largest known DDoS attack, reaching a peak of 31.4 terabits per second (Tbps). The massive attack known as “The Night Before Christmas” began on December 19, 2025, hitting Cloudflare’s infrastructure and customers with high-volume DDoS attacks. It featured record bandwidth Layer 4 attacks and HTTP floods over 200 million requests per second.

The “Night Before Christmas” attack raised the DDoS threat level significantly, exceeding the record of 29.7 Tbps set by the same Aisuru botnet in September 2025.

Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising...
Read More
Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Chrome Update Patches 382 Vulnerabilities, Including 15 Critical

Chrome 151 has a new update that fixes 382 security problems. This includes 15 critical issues that could allow attackers...
Read More
Chrome Update Patches 382 Vulnerabilities, Including 15 Critical

Apple fixes more than 30 iOS, macOS, and Safari flaws

Apple released security updates on Monday for iOS, macOS, and Safari. These updates fix more than thirty issues, including four...
Read More
Apple fixes more than 30 iOS, macOS, and Safari flaws

Attackers exploit critical flaw in Oracle E-Business

Attackers are now using a flaw (called CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial app, according to the security...
Read More
Attackers exploit critical flaw in Oracle E-Business

WhatsApp to allow usernames instead of phone numbers

WhatsApp is about to release a big update that may change how people communicate on the app. Soon, users can...
Read More
WhatsApp to allow usernames instead of phone numbers

Linux Unveils New Open Source Security Project “Akrites” For (OSS) Ecosystem

The Linux Foundation said on Thursday that they are starting a new project to fix flaws in open source software...
Read More
Linux Unveils New Open Source Security Project “Akrites” For (OSS) Ecosystem

Data breach affects 14.2 million email logins across six ISPs

KDDI Corporation, a Japanese telecom company, revealed a data breach. Hackers got into one of its email systems that five...
Read More
Data breach affects 14.2 million email logins across six ISPs

Asian Two AI startups launch Mythos-like Model

Two Asian AI companies have released new models this week that compete with Anthropic’s recently limited Mythos and Fable models,...
Read More
Asian Two AI startups launch Mythos-like Model

Polymarket Hack Reportedly Results in $3 Million Theft

Polymarket is a platform for prediction markets using cryptocurrency. It lets users bet on what might happen in real-life events...
Read More
Polymarket Hack Reportedly Results in $3 Million Theft

Anthropic Confirms US Infrastructure Redeployment of Claude Mythos 5

Anthropic said that Claude Mythos 5, its strongest AI security model, will be sent back to some U.S. orgs that...
Read More
Anthropic Confirms US Infrastructure Redeployment of Claude Mythos 5

The campaign used hacked Android TV devices to create massive traffic, relying on millions of unofficial streaming boxes.

The 31.4 Tbps peak would exceed the capacity of most DDoS mitigation providers. Competitors like Akamai Prolexic (20 Tbps), Netscout Arbor Cloud (15 Tbps), and Imperva (13 Tbps) could experience bandwidth utilization rates of 150-240%.

Attack Distribution and Characteristics:

The attack involved many smaller strikes that showed careful planning by the botnet operators.

Analysis revealed that 90.3% of attacks peaked between 1-5 Tbps, 5.5% hit 5-10 Tbps, and only 0.1% surpassed 30 Tbps. Regarding packet rates, 94.5% generated 1-5 billion packets per second (Bpps), 4% peaked at 5-10 Bpps, and 1.5% reached 10-15 Bpps.

Attack patterns favored quick, intense bursts to overwhelm defenses before any countermeasures could be activated. Only 9.7% of attacks lasted under 30 seconds, 27.1% lasted 30-60 seconds, and the majority, 57.2%, lasted 60-120 seconds.

Only 6% of attacks lasted over two minutes, indicating that botnet operators preferred quick strikes instead of prolonged efforts.

The campaign clearly targeted critical infrastructure and high-value sectors. Gaming companies were hit hardest, facing 42.5% of the hyper-volumetric attacks, while Information Technology and Services organizations accounted for 15.3%.

Telecom companies made up 2.2% of targets, while internet service providers, gambling operations, and software firms were the other main targets.

Attacks were concentrated on key internet hubs and economic centers. The U.S. experienced 30.8% of all major network-layer attacks, making it the top target, followed by China with 7.7% and Hong Kong with 3.2%.

Attack Infrastructure Sources:

In Q4 2025, the origins of online attacks changed significantly. Bangladesh became the top source of DDoS attacks, replacing Indonesia, which fell to third place. Ecuador ranked second, and Argentina improved by 20 spots to fourth.

Significant attack sources were Hong Kong (5th), Ukraine (6th), Vietnam (7th), Taiwan (8th), Singapore (9th), and Peru (10th). Russia dropped five ranks to tenth, and the U.S. fell four spots to sixth.

Analysis of attack sources showed that threat actors mainly used cloud computing platforms and telecom networks.

Cloud providers like DigitalOcean, Microsoft, Tencent, Oracle, and Hetzner are primary sources of attacks, making up 50% of the top 10 networks and highlighting the risk of easily-accessible virtual machines for large-scale attacks.

Traditional telecom providers in the Asia-Pacific region, especially from Vietnam, China, Malaysia, and Taiwan, were the main sources. Cloudflare’s “Night Before Christmas” campaign showed its strength, achieving 449 Tbps in mitigation capacity at 330 locations.

Bangladesh Ranked #1 in Global DDoS Attack Traffic Source

Check Also

Tata

India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record

A cyber attack seems to have affected one of India’s top electronics companies. Tata Electronics …