2025 DDoS surge targets telecommunications, service providers, and carriers
Target Trend
Summary
Cloudflare reports that the 2025 DDoS surge has continued into Q3 2025, with the Aisuru botnet driving more than 1,300 attacks in three months and a record peak of 29.7 Tbps. The botnet-for-hire uses compromised routers and IoT devices, and Cloudflare says it has mitigated 2,867 Aisuru attacks since the start of the year, including many hyper-volumetric events. The trend matters because the attacks are frequent, short, and large enough to disrupt ISPs, telecommunications, hosting, gaming, and other critical services even when they are not the direct target.
Related Happenings
Aisuru, KimWolf, JackSkid, and Mossad botnet C2 takedown
Law Enforcement
First: 20.03.2026 10:05
Last: 20.03.2026 10:05
Sources 1
About this happening:
The **U.S. Department of Justice** announced the arrest of **Jacob Butler (aka Dort)**, a **23-year-old** in **Ottawa, Canada**, for allegedly developing and operating the **Kimwo...
Operation Lightning takedown of SocksEscort proxy service
Law Enforcement
First: 13.03.2026 12:00
Last: 13.03.2026 12:00
Sources 1
About this happening:
International law enforcement partners **dismantled** the **SocksEscort** proxy service in **Operation Lightning**, disrupting a cybercrime network used to hide originating IP add...
Kimwolf IoT botnet activity disrupting I2P
Malware Activity
First: 11.02.2026 18:08
Last: 11.02.2026 18:08
Sources 1
About this happening:
The **Kimwolf** botnet disrupted **I2P** over the past week after operators tried to join **700,000 infected bots** as nodes, briefly overwhelming the anonymity network and disrup...
AISURU/Kimwolf hyper-volumetric DDoS botnet activity
Malware Activity
First: 05.02.2026 19:25
Last: 05.02.2026 19:25
Sources 1
How related:
The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds.
About this happening:
The **AISURU/Kimwolf** botnet is a **malware activity** cluster tied to **hyper-volumetric DDoS attacks** and large-scale device conscription. On **2025-12-04**, Cloudflare said i...
Latest development: 20.03.2026 08:25
The U.S. Department of Justice disrupted command-and-control infrastructure used by AISURU, Kimwolf, JackSkid, and Mossad in a court-authorized law-enforcement operation, with support from Akamai, Amazon Web Services, Cloudflare, DigitalOcean, Google, Lumen, Nokia, Okta, Oracle, PayPal, SpyCloud, Synthient, Team Cymru, Unit 221B, and QiAnXin XLab.
IPIDEA trojanized Android apps and Windows binaries enrolling devices into a proxy network
Malware Activity
First: 29.01.2026 21:29
Last: 29.01.2026 21:29
Sources 1
About this happening:
The **IPIDEA** proxy network used **trojanized Android apps** and **Windows binaries** to enroll consumer devices as proxy exit nodes, creating a large-scale traffic-routing threa...
Timeline
05.02.2026 19:25 2 articles · 3mo ago
Cloudflare quantifies the 2025 DDoS surge
Initial Disclosure
Cloudflare measured a 121% increase in DDoS attacks in 2025, with total activity reaching 47.1 million attacks and 34.4 million network-layer DDoS attacks. In Q4 2025, hyper-volumetric attacks rose 40% quarter over quarter, and telecommunications, service providers, and carriers ranked as the most attacked sector, indicating sustained pressure on defenders facing larger and more frequent traffic floods.
Sources:
- AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack — thehackernews.com — 05.02.2026 19:25
- Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack — www.bleepingcomputer.com — 03.12.2025 16:01