Saved February 14, 2026
The Aisuru botnet targeted Microsoft's Azure network with a DDoS attack of 15.72 Tbps from over 500,000 IP addresses. This attack, using high-rate UDP floods, is part of a trend of record-breaking DDoS incidents linked to the botnet, which exploits vulnerabilities in IoT devices.
Microsoft recently reported a massive DDoS attack on its Azure network, attributed to the Aisuru botnet, which peaked at 15.72 terabits per second (Tbps) and involved over 500,000 IP addresses. The attack focused on a specific public IP in Australia, generating around 3.64 billion packets per second (bpps). Aisuru is a Turbo Mirai-class IoT botnet known for leveraging compromised home devices like routers and cameras, primarily in the U.S. and other nations. Sean Whalen from Azure Security noted that the attack featured minimal source spoofing and random source ports, which made it easier for providers to trace and respond.
Cloudflare previously linked the same botnet to a record DDoS attack in September 2025, which reached 22.2 Tbps and lasted just 40 seconds, equating to the bandwidth needed to stream one million 4K videos simultaneously. Just a week before Microsoft’s announcement, Qi’anxin's XLab reported another attack from Aisuru, this one at 11.5 Tbps, with the botnet controlling around 300,000 devices at that time. The botnet's growth was particularly notable in April 2025 after hackers compromised a TotoLink router firmware update server, infecting about 100,000 devices.
Aisuru targets vulnerabilities in various home network devices, including IP cameras and routers from brands like T-Mobile and D-Link. Infosec journalist Brian Krebs highlighted that Cloudflare had to remove several domains associated with the Aisuru botnet from its rankings after they began to overshadow legitimate websites like Amazon and Google. The malicious traffic was aimed at artificially inflating these domains' popularity, undermining trust in Cloudflare's ranking system. In response, Cloudflare now takes measures to redact or hide suspected malicious domains to maintain the integrity of its services.
Cloudflare's 2025 Q1 DDoS Report revealed that the company mitigated an unprecedented number of DDoS attacks in the previous year, with a staggering 198% increase quarter-over-quarter and 358% year-over-year. In total, they blocked 21.3 million attacks targeting their customers and an additional 6.6 million aimed at their own infrastructure during a significant 18-day multi-vector campaign.