Hackers Breaking Internet with 7.3 Tbps and 4.8 Billion Packets Per Second DDoS Attack

The cybersecurity landscape has witnessed a paradigm shift in 2025, with Distributed Denial of Service (DDoS) attacks reaching unprecedented levels of scale and sophistication.

The second quarter of 2025 has marked a historic milestone with the largest DDoS attack ever recorded, demonstrating the evolving nature of digital threats and the critical importance of robust cybersecurity infrastructure.

In mid-May 2025, Cloudflare successfully mitigated the largest DDoS attack in history, reaching a staggering 7.3 terabits per second (Tbps) and 4.8 billion packets per second (Bpps).

This monumental attack lasted just 45 seconds but delivered an astounding 37.4 terabytes of data to its target, equivalent to over 9,350 full-length HD movies or 7,480 hours of high-definition video compressed into less than a minute.

The attack targeted an unnamed hosting provider using Cloudflare’s Magic Transit service, highlighting the ongoing pressure on critical infrastructure from increasingly sophisticated threat actors.

The assault was multi-vector in nature, with 99.996% of the traffic consisting of UDP floods. In comparison, the remaining 0.004% included a combination of QOTD reflection attacks, Echo reflection attacks, NTP reflection attacks, Mirai UDP flood attacks, portmap floods, and RIPv1 amplification attacks.

The Q2 2025 data reveals a dramatic escalation in hyper-volumetric DDoS attacks, defined as those exceeding 1 terabit per second (Tbps) or 1 billion packets per second (Bpps).

Cloudflare blocked over 6,500 such attacks during the quarter, averaging 71 hyper-volumetric attacks per day, a significant increase from previous periods.

Key statistics from Q2 2025:

• The number of hyper-volumetric attacks exceeding 100 million packets per second surged by 592% compared to the previous quarter.
• Attacks exceeding 1 billion packets per second and 1 terabit per second doubled from the previous quarter.
• 5 out of every 10,000 L3/4 DDoS attacks exceeded 1 Tbps, representing a 1,150% quarter-over-quarter increase.

Dramatic Attack Volume Increases

The overall DDoS threat landscape has experienced explosive growth in 2025. In the first quarter alone, Cloudflare mitigated 20.5 million DDoS attacks, representing a staggering 358% year-over-year increase.

By the halfway point of 2025, the total number of blocked attacks had already reached 27.8 million, equivalent to 130% of all DDoS attacks blocked in the entire year of 2024.

Multiple factors, including geopolitical tensions, the proliferation of IoT devices, and the increasing sophistication of cybercriminal operations have driven this surge.

The telecommunications sector has emerged as the primary target, jumping to first place as the most attacked industry in Q2 2025.

Modern DDoS attacks have evolved beyond simple volumetric assaults to incorporate sophisticated multi-vector approaches.

The record-breaking 7.3 Tbps attack originated from over 122,145 source IP addresses spanning 5,433 autonomous systems across 161 countries, with the top sources including Brazil, Vietnam, Taiwan, China, and Indonesia.

Attack composition analysis:

• DNS floods dominated L3/4 attacks, accounting for nearly one-third of all network-layer DDoS attacks.
• SYN floods remained the second most common vector at 27%.
• UDP floods grew significantly, rising from 9% to 13% quarter-over-quarter.
• Application-layer attacks increased by 74% in Q2 2025, with financial services firms being the biggest target.

Botnet Evolution and Scale

The emergence of massive botnets has further complicated the threat landscape. In Q2 2025, researchers observed the largest DDoS botnet ever recorded, consisting of 4.6 million infected devices—nearly 20 times larger than the biggest botnet detected in 2024.

This represents a 3.5-fold increase from the previous record and demonstrates the exponential growth in botnet capabilities.

The geographic distribution of these botnets has become increasingly diverse, with Brazil accounting for 29.7% of devices, followed by the United States (12.1%), Vietnam (7.9%), India (2.9%), and Argentina (2.8%).

This global distribution makes detection and mitigation more challenging for cybersecurity professionals.

The targeting patterns of DDoS attacks have shifted significantly in 2025. The telecommunications sector experienced a 136% year-over-year growth in attacks, becoming the most targeted industry in the Asia-Pacific region.

This shift reflects the strategic importance of communication infrastructure in modern society and the potential for maximum disruption.

Top targeted industries in Q2 2025:

1. Telecommunications, Service Providers, and Carriers – climbed to first place.
2. Internet sector – jumped two spots to second place.
3. Information Technology & Services – maintained third position.
4. Gaming – rose one spot to fourth place.
5. Banking & Financial Services – remained in sixth place.

Geographically, China reclaimed first place among the most attacked locations, with Brazil jumping four spots to second place.

The ranking shifts demonstrate the global nature of the threat and the need for international cooperation in cybersecurity efforts.

The successful mitigation of these record-breaking attacks demonstrates the critical importance of advanced, autonomous defense systems.

Cloudflare’s network, with 388 Tbps capacity across 330+ cities worldwide, was able to detect and block the 7.3 Tbps attack across 477 data centers in 293 locations without human intervention.

The speed and scale of modern attacks make manual mitigation virtually impossible. With attacks lasting as little as 45 seconds and reaching unprecedented volumes, only automated, always-on protection systems can provide adequate defense against these threats.

The cybersecurity industry must prepare for continued escalation in DDoS attack sophistication and scale.

The emergence of AI-enhanced attack tools, the proliferation of IoT devices, and increasing geopolitical tensions all contribute to a threat environment that shows no signs of abating.

Organizations across all sectors must invest in robust, cloud-based DDoS protection services that can scale to meet these evolving threats.

The era of reactive cybersecurity is over; proactive, automated defense systems are now essential for business continuity in an increasingly hostile digital environment.

The record-breaking attacks of 2025 serve as a stark reminder that cybersecurity is not just an IT concern but a fundamental business risk that requires board-level attention and investment.

As threats continue to evolve at an unprecedented pace, the organizations that survive and thrive will be those that embrace comprehensive, always-on security solutions capable of defending against the next generation of cyber threats.

Investigate live malware behavior, trace every step of an attack, and make faster, smarter security decisions -> Try ANY.RUN now