Microsoft has disclosed that its Azure platform was hit by the largest-ever cloud distributed denial-of-service (DDoS) attack, originating from a Turbo Mirai-class IoT botnet called Aisuru.
“On October 24, 2025, Azure DDOS Protection automatically detected and mitigated a multi-vector DDoS attack measuring 15.72 Tbps and nearly 3.64 billion packets per second (pps),” the Windows giant stated. “This was the largest DDoS attack ever observed in the cloud and it targeted a single endpoint in Australia.”
Aisuru botnet leverages residential ISP networks and operates a DDoS-for-hire operation that allows other nefarious threat actors to target their choice organizations on demand.
Microsoft Azure hit by the largest cloud DDoS attack
According to the Azure Infrastructure blog, the DDoS attack leveraged over 500,000 IP addresses, mainly from compromised residential smart devices and routers worldwide and reached staggering speeds of up to 15.72 terabits per second (Tbps) and nearly 3.64 billion packets per second (pps).
“The attack originated from Aisuru botnet. Aisuru is a Turbo Mirai-class IoT botnet that frequently causes record-breaking DDoS attacks by exploiting compromised home routers and cameras, mainly in residential ISPs in the United States and other countries,” the company explained.
Aisuru frequently leverages compromised IP cameras, DVRs/NVRs, Realtek chips, and D-Link, Linksys, T-Mobile, and Zyxel routers to target organizations.
How Microsoft mitigated a high-speed DDoS attack on Azure
Despite its impressive speed and bandwidth, the DDoS attack applied minimal spoofing and used random source ports, thus simplifying its traceability.
Subsequently, Microsoft mitigated it by leveraging its “globally distributed DDoS Protection infrastructure and continuous detection capabilities,” the company stated.
Consequently, the DDoS attack did not interrupt customers’ operations as it was effectively filtered and redirected with no downtime detected.
Mirai-based Aisuru IoT botnet strikes again
The DDoS attack on Microsoft Azure cloud platform is hardly the first time threat actors have leveraged the Turbo Mirai-class IoT botnet to target victim organizations.
In September 2025, Cloudflare mitigated a similar DDoS attack leveraging the same Aisuru botnet, reaching 11.5 terabits per second (Tbps) and 5.1 billion UDP packets per second (Bpps).
In the same month, Chinese cybersecurity firm Qi’anxin’s XLab recorded another Aisuru-based DDoS attack reaching 11.5 Tbps and using 300,000 bots.
“Since March of this year, XLab’s Cyber Threat Insight and Analysis System(CTIA) has continuously captured new samples of the botnet,” it explained.
In June 2025, KrebsOnSecurity was also hit by a DDoS attack stemming from the same Mirai-class IoT botnet, reaching speeds of up to 6.3 Tbps.
In November 2025, Cloudflare removed multiple domains linked to the Aisuru botnet from its “Top Domains” ranking. The malicious websites had exploited the company’s query traffic to boost their rankings, allowing them to send millions of requests without raising suspicion.
In 2024 alone, Cloudflare blocked roughly 21.3 million DDoS attacks targeting various customers worldwide and 6.6 million incidents targeting its own infrastructure.
According to its 2025 Q1 DDoS Report, DDoS attacks had increased by 198% quarter-over-quarter and 358% year-over-year, underscoring the need for DDoS protection. As home internet speeds continue to increase and smart devices multiply, DDoS attacks will inevitably escalate in both velocity and magnitude.

