Cybersecurity researchers are sounding the alarm after Cloudflare disclosed that it had mitigated the most powerful distributed denial-of-service (DDoS) attack ever recorded. According to BleepingComputer, the strike peaked at an astonishing 22.2 terabits per second (Tbps), nearly twice the size of the previous record of 11.5 Tbps set earlier this month. Cloudflare, which acts as a reverse proxy for roughly 19.8 percent of all websites worldwide, was able to absorb the deluge without widespread disruption, but the scale of the attack highlights how quickly adversaries are scaling up their offensive capabilities.
Though brief—lasting only 40 seconds—the attack generated network activity on a scale rarely imagined outside of stress tests. Analysts estimate that the victim was bombarded with the equivalent of one million simultaneous 4K video streams. More alarming was the packet rate: 10.6 billion packets per second. To put that into perspective, it was as if every person on Earth refreshed a web page more than once per second. Such volume is extraordinarily difficult to handle, since routers, firewalls, and load balancers must process each individual request even when aggregate bandwidth remains technically within hardware capacity.
At present, the identity of the perpetrators remains unknown. Investigators are still working to determine whether the attack was linked to Aisuru, the botnet blamed for the previous record-breaking incident just weeks earlier. Aisuru has become notorious for its vast network of compromised devices, some of which appear to leverage novel methods of packet amplification. If this new assault was indeed carried out by the same botnet, it suggests its operators have expanded their reach at an alarming pace.
For enterprises and governments, this event underscores the evolving reality of internet-scale warfare. Terabit-per-second DDoS attacks that once seemed theoretical are now materializing in rapid succession. While Cloudflare’s global mitigation infrastructure proved effective this time, the trend raises urgent questions about how long defensive systems can keep pace. As adversaries continue to weaponize botnets of unprecedented size, the risk of collateral damage to critical infrastructure, financial services, and public communication systems grows ever more pressing.