Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

2025 DDoS volume surges across sectors, with AI traffic up 347% in September

Target Trend
First reported
Last updated
Happening score
H score 22
1 unique sources, 1 articles

Summary

Hide ▲

DDoS activity remained elevated in 2025, with 36.2 million attacks blocked and a rising share of hyper-volumetric events, increasing the risk of disruption across exposed sectors and countries. The volume of network-layer attacks exceeding 1 Tbps climbed from 717 in Q1 to 846 in Q2 and 1,304 in Q3 2025. Targeting broadened across telecommunications, gaming, hosting, financial services, and AI companies. The pattern shows sustained pressure rather than a one-off spike, especially for high-bandwidth and short-duration attacks.

Related Happenings

Kimwolf IoT botnet activity disrupting I2P

Malware Activity
First: 11.02.2026 18:08 Last: 11.02.2026 18:08 Sources 1

About this happening: The **Kimwolf** botnet disrupted **I2P** over the past week after operators tried to join **700,000 infected bots** as nodes, briefly overwhelming the anonymity network and disrup...

Open Happening

AISURU/Kimwolf hyper-volumetric DDoS botnet activity

Malware Activity
First: 05.02.2026 19:25 Last: 05.02.2026 19:25 Sources 1

How related: The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AISURU, which has been linked to a number of hyper-volumetric DDoS attacks over the past year.

About this happening: The **AISURU/Kimwolf** botnet is a **malware activity** cluster tied to **hyper-volumetric DDoS attacks** and large-scale device conscription. On **2025-12-04**, Cloudflare said i...

Latest development: 20.03.2026 08:25

The U.S. Department of Justice disrupted command-and-control infrastructure used by AISURU, Kimwolf, JackSkid, and Mossad in a court-authorized law-enforcement operation, with support from Akamai, Amazon Web Services, Cloudflare, DigitalOcean, Google, Lumen, Nokia, Okta, Oracle, PayPal, SpyCloud, Synthient, Team Cymru, Unit 221B, and QiAnXin XLab.

Open Happening

2025 DDoS surge targets telecommunications, service providers, and carriers

Target Trend
First: 05.02.2026 19:25 Last: 05.02.2026 19:25 Sources 1

About this happening: **Cloudflare** reports that the **2025 DDoS surge** has continued into **Q3 2025**, with the **Aisuru botnet** driving more than **1,300 attacks** in three months and a record pea...

Open Happening

Aisuru/Kimwolf botnet record DDoS campaign against telecommunications and IT companies

Campaign
First: 29.01.2026 16:55 Last: 29.01.2026 16:55 Sources 1

How related: The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AISURU, which has been linked to a number of hyper-volumetric DDoS attacks over the past year.

About this happening: The **Aisuru/Kimwolf botnet** campaign expanded in **late 2025** with **Kimwolf**, a **DDoS botnet** compiled using the **NDK**, and evidence linking it to **AISURU** through shar...

Latest development: 20.03.2026 02:49

The U.S. Justice Department, with authorities in Canada and Germany, dismantled infrastructure behind Aisuru, Kimwolf, JackSkid and Mossad, seized U.S.-registered domains and virtual servers used in DDoS attacks against DoD Internet addresses, and said the action was intended to prevent further infections and future attacks.

Open Happening

Kimwolf botnet infects Android TV streaming boxes for DDoS and proxy abuse

Malware Activity
First: 09.01.2026 01:23 Last: 09.01.2026 01:23 Sources 1

About this happening: **Kimwolf/Aisuru botnet** activity now spans **Android TV streaming devices** and **record-setting DDoS attacks**. Cloudflare says the latest campaign, **“The Night Before Christm...

Latest development: 20.03.2026 10:05

Authorities from the United States, Germany, and Canada disrupted Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets to infect Internet of Things (IoT) devices and launch hundreds of thousands of DDoS attacks, including attacks against IP addresses owned by the Department of Defense Information Network (DoDIN).

Open Happening

Timeline

  1. 04.12.2025 08:52 2 articles · 5mo ago

    Cloudflare reports record AISURU DDoS activity in 2025

    Initial Disclosure

    Cloudflare said it detected and mitigated a record 29.7 Tbps DDoS attack linked to AISURU against an undisclosed target on 2025-12-04, lasting 69 seconds and using a UDP carpet-bombing pattern that averaged 15,000 destination ports per second; the company also said it blocked a 14.1 Bpps attack from the same botnet, had mitigated 2,867 Aisuru attacks since the start of the year, and saw 1,304 hyper-volumetric attacks from the botnet in Q3 2025 alongside a 347% spike in DDoS traffic against AI companies in September 2025.

    Show sources
    Open in new tab