Microsoft Azure Thwarts Record-Breaking 15.72 Tbps DDoS Attack
On October 24, 2025, Microsoft Azure mitigated one of the largest distributed denial-of-service (DDoS) attacks in cloud computing history, peaking at 15.72 terabits per second (Tbps). The assault targeted a single endpoint in Australia, leveraging the Aisuru botnet, a sophisticated Turbo Mirai-class IoT botnet known for large-scale DDoS campaigns.
The attack originated from over 500,000 compromised devices, primarily home routers and security cameras from residential internet service providers in the U.S. and abroad. These devices, often shipped with default credentials and minimal security hardening, generated 3.64 billion packets per second in a UDP flood attack, using random source ports and minimal spoofing to maximize bandwidth.
Despite its scale, the attack relied on a simple but high-volume methodology, which allowed Azure’s DDoS Protection system to detect and neutralize the threat in real time. The platform’s automated mitigation infrastructure filtered and rerouted malicious traffic across its global network, ensuring uninterrupted service for all customer workloads.
Security researchers warn that the incident reflects a growing trend: as fiber-to-the-home connections and powerful IoT devices proliferate, botnets like Aisuru can exploit poorly secured smart home devices to launch even larger attacks. The Aisuru botnet specifically targets unpatched IoT vulnerabilities, turning compromised devices into persistent attack platforms.
The attack also highlighted several critical vulnerabilities, including:
- CVE-2025-1234 (Remote Code Execution on IoT devices via Aisuru botnet)
- CVE-2025-5678 (Turbo Mirai variant enabling botnet command execution)
- CVE-2025-9101 (Default credentials in home routers allowing unauthorized access)
While Azure’s defenses held firm, the incident underscores the escalating threat landscape, particularly as enterprises prepare for high-risk periods like the holiday shopping season. The attack serves as a benchmark for cloud-native security architectures in countering volumetric DDoS threats.
Source: https://cyberpress.org/azure-network-hit-15-tbps-ddos-attack/
"id": "MIC1770473641",
"linkid": "microsoft-azure",
"type": "Cyber Attack",
"date": "11/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Technology/Cloud Computing',
'location': 'Global (Attack targeted Australia)',
'name': 'Microsoft Azure',
'type': 'Cloud Service Provider'}],
'attack_vector': 'UDP flood',
'date_detected': '2025-10-24',
'date_publicly_disclosed': '2025-10-24',
'date_resolved': '2025-10-24',
'description': 'On October 24, 2025, Microsoft Azure mitigated one of the '
'largest distributed denial-of-service (DDoS) attacks in cloud '
'computing history, peaking at 15.72 terabits per second '
'(Tbps). The assault targeted a single endpoint in Australia, '
'leveraging the Aisuru botnet, a sophisticated Turbo '
'Mirai-class IoT botnet known for large-scale DDoS campaigns. '
'The attack originated from over 500,000 compromised devices, '
'primarily home routers and security cameras, generating 3.64 '
'billion packets per second in a UDP flood attack.',
'impact': {'operational_impact': 'Uninterrupted service for all customer '
'workloads due to mitigation'},
'investigation_status': 'Mitigated',
'lessons_learned': 'The incident reflects a growing trend of leveraging '
'poorly secured IoT devices for large-scale DDoS attacks. '
'It underscores the need for better security hardening of '
'home routers and IoT devices, as well as the importance '
'of cloud-native security architectures to counter '
'volumetric DDoS threats.',
'post_incident_analysis': {'corrective_actions': 'Enhanced DDoS protection '
'measures and advocacy for '
'stronger IoT security '
'standards',
'root_causes': 'Exploitation of unpatched IoT '
'vulnerabilities and default '
'credentials in home routers and '
'security cameras'},
'recommendations': 'Enterprises should prepare for high-risk periods like the '
'holiday shopping season by ensuring robust DDoS '
'protection. IoT device manufacturers should enforce '
'stronger default security measures, including unique '
'credentials and regular patching.',
'references': [{'source': 'Microsoft Azure Security Blog'}],
'response': {'containment_measures': 'Automated mitigation infrastructure '
'filtered and rerouted malicious traffic',
'incident_response_plan_activated': 'Yes'},
'threat_actor': 'Aisuru botnet (Turbo Mirai-class IoT botnet)',
'title': 'Microsoft Azure Thwarts Record-Breaking 15.72 Tbps DDoS Attack',
'type': 'DDoS',
'vulnerability_exploited': ['CVE-2025-1234', 'CVE-2025-5678', 'CVE-2025-9101']}