
Aisuru botnet record-setting DDoS activity

Malware Activity
H score 28
3 unique sources, 4 articles

Summary

Aisuru is a TurboMirai-class IoT botnet behind record-setting DDoS activity that has continued to scale through 2025. Cloudflare said it mitigated more than 1,300 DDoS attacks from the botnet in three months, including a 29.7 Tbps event that lasted 69 seconds and used UDP carpet-bombing; Microsoft separately disclosed a 5.72 Tbps attack from the same botnet against a single endpoint in Australia. The botnet draws on compromised routers, security cameras, and DVRs and remains capable of generating hyper-volumetric floods against global internet infrastructure.

Related Happenings

Brazilian ISP botnet DDoS campaign

Campaign
First: 30.04.2026 17:04 Last: 30.04.2026 17:04 Sources 1

About this happening: The **Brazilian ISP botnet DDoS campaign** has been linked to a **Brazil-based threat actor** that repeatedly hit **Brazilian network operators** over several years. The operation...

NCSC-UK joint advisory on covert botnets and proxy networks

Public Sector Action
First: 23.04.2026 15:28 Last: 23.04.2026 15:28 Sources 1

About this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...

China-nexus hijacked-device proxy network campaign

Campaign
First: 23.04.2026 15:28 Last: 23.04.2026 15:28 Sources 1

About this happening: China-nexus hackers are **increasingly using** large-scale proxy networks of hijacked consumer devices to **evade detection**, making malicious traffic harder to trace and block....

Nexcorium Mirai botnet activity on TBK DVR devices

Malware Activity
First: 18.04.2026 09:01 Last: 18.04.2026 09:01 Sources 1

About this happening: **Nexcorium**, a **Mirai variant**, is now being deployed against **TBK DVR-4104** and **DVR-4216** devices by exploiting **CVE-2024-3721**, turning compromised IoT hardware into...

Internet-exposed Rockwell Automation/Allen-Bradley PLCs concentrated in the United States

Target Trend
First: 10.04.2026 18:52 Last: 10.04.2026 18:52 Sources 1

About this happening: A measured exposure pattern shows **5,219** internet-facing **Rockwell Automation/Allen-Bradley** PLC hosts worldwide, expanding the attack surface for **industrial control** netw...

Timeline

  1. 18.11.2025 10:17 1 article · 6mo ago

    Microsoft discloses AISURU DDoS attack on endpoint in Australia

    Initial Disclosure

    Microsoft automatically detected and neutralized a 5.72 Tbps distributed denial-of-service attack against a single endpoint in Australia; the traffic came from the AISURU TurboMirai-class IoT botnet, used over 500,000 source IPs across various regions, and Microsoft said it was the largest DDoS attack ever observed in the cloud.

  2. 06.11.2025 04:04 1 article · 6mo ago

    Cloudflare redacts Aisuru domains from Top Domains list

    Mitigation Patch Update

    Cloudflare redacted and then began hiding Aisuru botnet domains from its Top Domains list after the operators used massive DNS query volume against Cloudflare’s 1.1.1.1 resolver to inflate rankings and, at the same time, attack Cloudflare’s DNS service.

  3. 10.10.2025 19:10 1 article · 7mo ago

    TCPShield briefly knocked offline during Aisuru data deluge

    Victim Impact Update

    Aisuru botnet traffic briefly knocked TCPShield offline during a series of data deluges on the evening of September 28, and related uptime graphs showed repeated short outages across Minecraft hosting infrastructure during the same attack window.

  4. 10.10.2025 19:10 2 articles · 7mo ago

    Aisuru records a 29.6 Tbps traffic flood

    Technical Analysis Update

    On October 6, Aisuru operators heaved 29.6 terabits of junk data packets each second at a targeted host in a brief test or demonstration, showing the botnet's record-setting DDoS capacity at measured attack infrastructure.

  5. 10.10.2025 19:10 1 article · 7mo ago

    TCPShield absorbs more than 15 Tbps from Aisuru

    Victim Impact Update

    On October 8, Aisuru flooded TCPShield with more than 15 terabits of junk data per second, and attack logs showed that 11 of the top 20 traffic sources were U.S.-based ISPs, led by AT&T with additional volume from Charter Communications, Comcast, T-Mobile and Verizon.

  6. 10.10.2025 19:10 2 articles · 7mo ago

    Aisuru shifts toward U.S. ISP sourcing

    Campaign Scope Update

    Security researchers and network operators said Aisuru is drawing much of its firepower from compromised IoT devices on U.S. Internet providers such as AT&T, Comcast and Verizon, with about 300,000 compromised hosts worldwide and growing outbound DDoS congestion that can degrade service for adjacent customers and downstream targets.
