Azure Withstands Largest Cloud-Based DDoS Assault Ever 

Key Takeaways

• The Record: A massive 15.72 Tbps attack targeting Azure on 24 October 2025.
• The Source: The "Aisuru" botnet, utilising 500,000+ compromised IoT devices.
• The Outcome: Azure's automated defences mitigated the attack with no client downtime.

A cloud DDoS attack targeting Microsoft Azure set a new record for scale. On 24 October 2025, Azure was hit by a massive flood of network traffic, peaking at 15.72 terabits per second (Tbps) and nearly 3.64 billion packets per second, directed at a single public-IP endpoint in Australia.

What caused the attack?

The attack was carried out by a botnet, known as Aisuru botnet, which used more than 500,000 source IPs from compromised IoT devices worldwide (home routers, cameras, etc.). The traffic consisted mainly of high-rate UDP floods.

Did the attack cause downtime?

Despite the unprecedented volume, Azure’s built-in DDoS-protection infrastructure automatically detected and mitigated the attack in real time, preventing any disruption to customer workloads. According to Microsoft, no clients experienced downtime as a result of the incident.

Why is this significant?

This event marks what Microsoft describes as the largest cloud-based DDoS attack ever observed. It underscores the growing capabilities of botnets exploiting IoT devices, as well as the escalating scale of DDoS threats as internet bandwidth and device counts increase globally. The attack also serves as a reminder that even massive infrastructure providers are targets, and that robust, automated mitigation systems are becoming essential.

Organisations using cloud services should ensure their DDoS protections are active, up to date, and properly configured, especially when exposing public endpoints.