The digital battlefield has just seen its most devastating assault yet. A botnet orchestrated what Cloudflare is calling the largest DDoS attack ever recorded, peaking at 31.4 terabits per second during a campaign dubbed 'The Night Before Christmas'* in late 2025. The attack, attributed to the Aisuru/Kimwolf botnet, targeted Cloudflare’s infrastructure and clients with a volume of traffic so massive it eclipses prior records by orders of magnitude.
The onslaught wasn’t just a one-off spike—it was a sustained barrage. Over 94% of the attack’s packets were delivered in bursts of 1 to 5 billion packets per second, with 58% of those strikes lasting between 1 and 2 minutes. Such hyper-volumetric assaults, once rare, are now becoming the norm, with Cloudflare noting a 58% year-over-year increase in DDoS activity alone in the final quarter of 2025.
The New Face of Cyberwarfare
What makes this attack particularly alarming isn’t just its scale, but its origin. The botnet leveraged global cloud infrastructure—including providers like DigitalOcean, Microsoft Azure, Tencent Cloud, Oracle, and Hetzner—to amplify its reach. Cloudflare’s report highlights a disturbing trend: threat actors are increasingly using easily provisioned virtual machines to launch high-volume attacks, turning public cloud services into unwitting accomplices.
The top sources of these attacks read like a roster of the internet’s most powerful networks. Bangladesh, Ecuador, Indonesia, Argentina, and Hong Kong dominated the list of attack origins, while China, Hong Kong, Germany, and Brazil were the most targeted regions. The U.S. ranked fifth, just behind the UK, underscoring that no major economy is immune.
Who’s in the Crosshairs?
Telecommunications providers bore the brunt of these assaults, accounting for 42% of attacks, but gaming isn’t far behind. While only 2% of attacks directly targeted gaming services in Q4 2025, recent incidents—such as the coordinated DDoS campaign against Arc Raiders developer Embark—prove that even niche industries are vulnerable. The report suggests that as botnets grow more sophisticated, no sector is safe.
Defending Against the Storm
Cloudflare’s new real-time botnet detection system claims to have mitigated over 50% of HTTP-based DDoS attacks, but the cat-and-mouse game between defenders and attackers shows no signs of slowing. With each quarter bringing new records, the question isn’t if the next assault will surpass 31.4 Tbps—it’s when*.
For businesses and cloud providers, the message is clear: the tools of tomorrow’s cyberwars are being built today. And they’re getting bigger.
