Record-Breaking DDoS Attack by Aisuru/Kimwolf Botnet Peaks at 31.4 Tbps
On December 19, Cloudflare mitigated a historic distributed denial-of-service (DDoS) attack launched by the Aisuru (also known as Kimwolf) botnet, reaching an unprecedented 31.4 Tbps and 200 million requests per second (rps). The campaign, dubbed "The Night Before Christmas," targeted telecommunications providers, IT organizations, and Cloudflare’s own infrastructure with hyper-volumetric HTTP and Layer 4 DDoS attacks.
This attack surpassed both Aisuru’s previous record of 29.7 Tbps, set earlier, and another, Microsoft-attributed assault that peaked at 15.72 Tbps from 500,000 IP addresses. Over 90% of the attacks in the campaign peaked between 1 and 5 Tbps, with most lasting 1 to 2 minutes. Despite their scale, Cloudflare’s automated systems detected and mitigated them without triggering internal alerts.
The botnet’s power stems from compromised IoT devices and routers, though the December attacks primarily originated from Android TVs. Cloudflare’s 2025 Q4 DDoS Threat Report revealed a 121% year-over-year increase in DDoS attacks, with 47.1 million incidents recorded in 2025, averaging 5,376 attacks per hour. Network-layer attacks dominated (73%), while HTTP-based assaults made up the remainder.
The most targeted industries included telecommunications, IT services, gambling, and gaming, with China, Hong Kong, Germany, Brazil, and the U.S. bearing the brunt of attacks. Bangladesh was the largest source of attacks, followed by Ecuador, Indonesia, and Argentina, while Russia dropped to 10th place. The report also noted a 600% increase in network-layer attacks exceeding 100 million packets per second (Mpps) and a 65% quarter-over-quarter rise in attacks over 1 Tbps. Over 71.5% of HTTP DDoS attacks were linked to known botnets.
Cloudflare cybersecurity rating report: https://www.rankiteo.com/company/cloudflare
"id": "CLO1769705152",
"linkid": "cloudflare",
"type": "Cyber Attack",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Cloudflare',
                        'type': 'Cybersecurity Infrastructure Provider'},
                       {'industry': 'Telecommunications',
                        'type': 'Telecommunications providers'},
                       {'industry': 'Information Technology',
                        'type': 'IT organizations'},
                       {'industry': ['Gambling', 'Gaming'],
                        'type': 'Gambling and gaming industries'}],
 'attack_vector': ['HTTP DDoS', 'Layer 4 DDoS'],
 'date_detected': '2024-12-19',
 'description': 'On December 19, Cloudflare mitigated a historic distributed '
                'denial-of-service (DDoS) attack launched by the Aisuru (also '
                'known as Kimwolf) botnet, reaching an unprecedented 31.4 Tbps '
                'and 200 million requests per second (rps). The campaign, '
                "dubbed 'The Night Before Christmas,' targeted "
                'telecommunications providers, IT organizations, and '
                'Cloudflare’s own infrastructure with hyper-volumetric HTTP '
                'and Layer 4 DDoS attacks.',
 'impact': {'operational_impact': 'Automated mitigation without triggering '
                                  'internal alerts',
            'systems_affected': ['Telecommunications providers',
                                 'IT organizations',
                                 'Cloudflare infrastructure']},
 'post_incident_analysis': {'root_causes': 'Compromised IoT devices and '
                                           'routers, primarily Android TVs'},
 'references': [{'source': 'Cloudflare 2025 Q4 DDoS Threat Report'}],
 'response': {'containment_measures': 'Automated systems mitigated attacks '
                                      'without triggering internal alerts',
              'incident_response_plan_activated': 'Automated detection and '
                                                  'mitigation'},
 'threat_actor': 'Aisuru/Kimwolf Botnet',
 'title': 'Record-Breaking DDoS Attack by Aisuru/Kimwolf Botnet Peaks at 31.4 '
          'Tbps',
 'type': 'DDoS',
 'vulnerability_exploited': 'Compromised IoT devices and routers, primarily '
                            'Android TVs'}