
Cloudflare 18-day multi-vector DDoS campaign

Campaign
Happening score: 40
2 unique sources, 2 articles

Summary


Cloudflare blocked an 18-day multi-vector DDoS campaign that included a record 11.5 Tbps flood, signaling sustained disruptive pressure against its network and customer services. The activity mattered because the campaign used mixed volumetric techniques, including SYN floods, Mirai-generated DDoS, and SSDP amplification, rather than a single burst. Cloudflare said it autonomously stopped hundreds of hyper-volumetric attacks over the past few weeks, showing repeated high-scale attempts to exhaust bandwidth and resources.

Related Happenings

Kimwolf IoT botnet activity disrupting I2P

Malware Activity
First: 11.02.2026 18:08 Last: 11.02.2026 18:08 Sources 1

About this happening: The **Kimwolf** botnet disrupted **I2P** over the past week after operators tried to join **700,000 infected bots** as nodes, briefly overwhelming the anonymity network and disrup...

2025 DDoS surge targets telecommunications, service providers, and carriers

Target Trend
First: 05.02.2026 19:25 Last: 05.02.2026 19:25 Sources 1

About this happening: **Cloudflare** reports that the **2025 DDoS surge** has continued into **Q3 2025**, with the **Aisuru botnet** driving more than **1,300 attacks** in three months and a record pea...

AISURU/Kimwolf hyper-volumetric DDoS botnet activity

Malware Activity
First: 05.02.2026 19:25 Last: 05.02.2026 19:25 Sources 1

About this happening: The **AISURU/Kimwolf** botnet is a **malware activity** cluster tied to **hyper-volumetric DDoS attacks** and large-scale device conscription. On **2025-12-04**, Cloudflare said i...

Latest development: 20.03.2026 08:25

The U.S. Department of Justice disrupted command-and-control infrastructure used by AISURU, Kimwolf, JackSkid, and Mossad in a court-authorized law-enforcement operation, with support from Akamai, Amazon Web Services, Cloudflare, DigitalOcean, Google, Lumen, Nokia, Okta, Oracle, PayPal, SpyCloud, Synthient, Team Cymru, Unit 221B, and QiAnXin XLab.

Aisuru/Kimwolf botnet record DDoS campaign against telecommunications and IT companies

Campaign
First: 29.01.2026 16:55 Last: 29.01.2026 16:55 Sources 1

About this happening: The **Aisuru/Kimwolf botnet** campaign expanded in **late 2025** with **Kimwolf**, a **DDoS botnet** compiled using the **NDK**, and evidence linking it to **AISURU** through shar...

Latest development: 20.03.2026 02:49

The U.S. Justice Department, with authorities in Canada and Germany, dismantled infrastructure behind Aisuru, Kimwolf, JackSkid and Mossad, seized U.S.-registered domains and virtual servers used in DDoS attacks against DoD Internet addresses, and said the action was intended to prevent further infections and future attacks.

Cloudflare BGP route leak from router policy misconfiguration disrupts IPv6 traffic

Service Disruption
First: 26.01.2026 19:50 Last: 26.01.2026 19:50 Sources 1

About this happening: **Cloudflare** experienced a **25-minute BGP route leak** that disrupted **IPv6 traffic**, causing congestion, packet loss, and about **12 Gbps** of dropped traffic. The issue ext...

Timeline

  1. 02.09.2025 18:52 · 2 articles

    Cloudflare blocks 11.5 Tbps UDP flood

    Initial Disclosure

    Cloudflare said it blocked the largest recorded volumetric DDoS attack, a UDP flood that peaked at 11.5 Tbps, mainly came from Google Cloud, and lasted about 35 seconds. The company also said its defenses autonomously blocked hundreds of hyper-volumetric DDoS attacks over the past few weeks, including activity it described as an 18-day multi-vector campaign against Cloudflare's network infrastructure and customers using SYN flood attacks, Mirai-generated DDoS attacks, and SSDP amplification attacks.
