Massive DDoS Attack Impact

As cybersecurity experts continue to contend with escalating digital threats, a record-breaking distributed denial-of-service attack has struck a major hosting provider, reaching an unprecedented peak of 7.3 terabits per second and delivering 37.4 terabytes of data within just 45 seconds. This volumetric assault surpassed previous DDoS records by 12%, demonstrating the evolving sophistication of cybercriminal operations targeting critical internet infrastructure.

The attack originated from a massive botnet comprising over 122,145 unique source IP addresses distributed across 5,433 autonomous systems and spanning 161 countries. This highly decentralized network, likely incorporating compromised IoT devices running Mirai variants, complicated both traceback efforts and mitigation strategies. The scale and geographical diversity of the botnet underscored the growing threat posed by interconnected devices vulnerable to exploitation. With zero-day exploits increasingly targeting previously unknown vulnerabilities, these botnets continue to expand their reach and capabilities.

The massive botnet’s global reach across 161 countries and 122,145 compromised devices demonstrates the unprecedented scale of modern cyber threats.

Technical analysis revealed that the assault utilized approximately 99.996% User Datagram Protocol traffic, employing multiple amplification and reflection vectors including ECHO, Portmap, QOTD, and NTP protocols. The attackers additionally utilized RIPv1 protocol and direct UDP floods to saturate bandwidth and overwhelm server resources. These outdated and legacy protocols provided significant amplification capabilities, substantially increasing the attack’s destructive potential.

The targeting strategy proved particularly aggressive, with the attack bombarding an average of 21,925 destination ports on a single IP address, reaching peaks of 34,517 ports per second. This massive port targeting was designed to maximize infrastructure strain and complicate defensive countermeasures by simultaneously hitting multiple protocols and services.
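A defender can triage flow records for the two traits described above: reflection vectors, identified by the reflector's UDP source port, and port spraying against a single destination IP. The following is an added example, not code from Cloudflare or the original article; the flow tuple layout, the sample records, and the spray threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Well-known UDP service ports of the reflection protocols named in the article.
# Reflected packets arrive with the reflector's service port as their source port.
REFLECTOR_PORTS = {7: "ECHO", 17: "QOTD", 111: "Portmap", 123: "NTP", 520: "RIPv1"}

# Constructed sample flows (not incident data), using documentation IP ranges:
# (epoch_second, src_ip, src_port, dst_ip, dst_port, protocol, bytes)
SAMPLE_FLOWS = [
    (100, "198.51.100.10", 123, "203.0.113.5", 40001, "udp", 4680),
    (100, "198.51.100.11", 111, "203.0.113.5", 40002, "udp", 1200),
    (100, "198.51.100.12", 17, "203.0.113.5", 40003, "udp", 900),
    (100, "198.51.100.13", 51515, "203.0.113.5", 40004, "udp", 1400),
    (100, "198.51.100.14", 443, "203.0.113.5", 52000, "tcp", 600),
    (101, "198.51.100.15", 520, "203.0.113.5", 40005, "udp", 504),
    (101, "198.51.100.16", 7, "203.0.113.5", 40005, "udp", 716),
]

def classify(src_port, protocol):
    """Label a flow by the reflection service its UDP source port implies."""
    if protocol != "udp":
        return "non-UDP"
    return REFLECTOR_PORTS.get(src_port, "direct/other UDP")

def summarize(flows, port_spray_threshold=3):
    """Return bytes per vector, the UDP byte share, and port-spray alerts.

    port_spray_threshold is an assumed tuning value: the number of distinct
    UDP destination ports hit on one IP within one second that raises an alert.
    """
    bytes_by_vector = defaultdict(int)
    ports_seen = defaultdict(set)  # (dst_ip, second) -> distinct UDP dst ports
    for ts, _src, sport, dst, dport, proto, size in flows:
        bytes_by_vector[classify(sport, proto)] += size
        if proto == "udp":
            ports_seen[(dst, ts)].add(dport)
    total = sum(bytes_by_vector.values())
    non_udp = bytes_by_vector.get("non-UDP", 0)
    udp_share = (total - non_udp) / total if total else 0.0
    alerts = sorted((dst, ts, len(ports))
                    for (dst, ts), ports in ports_seen.items()
                    if len(ports) >= port_spray_threshold)
    return dict(bytes_by_vector), udp_share, alerts

if __name__ == "__main__":
    vectors, share, alerts = summarize(SAMPLE_FLOWS)
    for name, size in sorted(vectors.items(), key=lambda kv: -kv[1]):
        print(f"{name:18} {size:6d} bytes")
    print(f"UDP share of bytes: {share:.1%}")
    print("port-spray alerts (dst_ip, second, distinct ports):", alerts)
```

A source-port match is a triage heuristic only, since ordinary clients can also pick these ports; confirm with payload or service fingerprints before filtering.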

Cloudflare’s Magic Transit protection service successfully detected and autonomously blocked the attack, preventing lasting service disruption through real-time response capabilities and automated filtering systems. The company deployed its network of 477 data centers strategically positioned across 293 global locations to effectively distribute and absorb the massive traffic volumes. The autonomous mitigation system required no human intervention for packet filtering and threat response. The defensive success highlighted the vital importance of advanced, layered DDoS protection for critical infrastructure components.

This incident represents the third record-setting DDoS event mitigated by Cloudflare in 2025, following previous attacks of 5.6 Tbps and other multi-terabit assaults earlier in the year. The consistent escalation in attack scale reflects ongoing advancements in DDoS capabilities and offensive tooling, with hosting providers and cloud infrastructure increasingly becoming primary targets for the largest and most sophisticated attacks.
