On October 24, 2025, Microsoft Azure weathered the largest Distributed-Denial-of-Service (DDoS) attack ever recorded in the cloud. This massive digital assault, peaking at 15.72 Terabits per second (Tbps) and nearly 3.64 billion packets per second (pps), targeted a single endpoint in Australia.
Fortunately, according to Microsoft, its Azure global protection system automatically caught and filtered out the flood, keeping the customer’s services fully operational.
The Growing Aisuru Threat
The attack originated from the Aisuru botnet, which security firm Netscout calls a “Turbo Mirai-class” threat, meaning the botnet can generate multi-TB/sec and multi-gpps direct-path DDoS attacks.
Aisuru, first spotted in August 2024, has since infected at least 700,000 IoT systems, such as home routers and security cameras. Its scale is stunning: besides the Microsoft incident, Aisuru was also linked to a huge 22.2 Tbps DDoS attack that Cloudflare mitigated in September 2025 and a 6.3 Tbps attack targeting investigative journalist Brian Krebs’s cybersecurity blog KrebsOnSecurity in May. Attacks of this magnitude were simply unheard of until recently.
The botnet has also been disruptive for US-based Internet Service Providers (ISPs) like AT&T, Comcast and Verizon. Attacks launched from infected customer devices have caused outbound traffic surges over 1.5 Tbps, which can be so extreme that they degrade service for other customers and even cause physical hardware failure in routers.
It’s worth noting that Aisuru’s operators, according to Netscout, restrict their targets, avoiding governmental, military, and law enforcement properties. This self-imposed rule is likely a way to stay under the radar and preserve the service’s criminal viability.
The Botnet’s Lucrative New Business
Cybercriminals behind the Aisuru botnet have moved past offering simple DDoS-for-hire services against targets like game servers (the botnet recently targeted Minecraft servers). They’ve updated their malware to focus on a more sustainable, hidden income stream: renting out the infected devices as ‘residential proxies.’
A residential proxy lets paying clients, often cybercriminals, hide their malicious activity by channelling it through a regular person’s home internet device. This makes the bad traffic look legitimate, which is much harder to block.
This shady business now heavily supports aggressive data harvesting for AI projects and content scraping. This activity is so widespread that on October 22, social media giant Reddit sued proxy providers, including Oxylabs, alleging they allowed mass-scraping of user data. Other botnets, like BADBOX 2.0, are adding to this growing problem.
Devices are sometimes infected through Software Development Kits (SDKs), code bundled into other apps that silently turns a user’s device into a traffic relay, with their operators earning a commission.
The DDoS attack and the spread of the Aisuru botnet show that poorly secured IoT devices in our homes are increasingly being turned into malicious tools, threatening not only the internet but also unsuspecting users around the world.
